• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

PHP and special characters

Contributor ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

Hi,

I am having trouble with an HTML simple text input form that where the  user may enter special characters such as single quote or double quote etc.

form text example: I'm Feeling good.

When processing the form - php - post to mysql DB shows the error :

Syntax error or access violation: 1064 You have an error in your SQL syntax...

the value it got was like:

'I'm Feeling good',

- which has 3 single quotes - causing the error...

Q: Is there a way to properly escape whatever the special characters are that might be type to fix this issue for php?

Thanks

Dave

Views

1.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

LEGEND , Jul 02, 2018 Jul 02, 2018

The best way to handle this would be to use a prepared statement. Prepared statements are supported by MySQLi and PDO.

An alternative approach (not as good) would be to pass the text input to htmlentities() before adding it to the SQL. To convert both single and double quotes, you need to use ENT_QUOTES as the second argument:

$text = htmlentities($text, ENT_QUOTES);

Votes

Translate

Translate
LEGEND ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

The best way to handle this would be to use a prepared statement. Prepared statements are supported by MySQLi and PDO.

An alternative approach (not as good) would be to pass the text input to htmlentities() before adding it to the SQL. To convert both single and double quotes, you need to use ENT_QUOTES as the second argument:

$text = htmlentities($text, ENT_QUOTES);

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

LATEST

Thank you so much David! I had forgotten about  Prepared statements. I already was using PDO and now that I added Prepared statements along with $stmt->bindParam( .... now all is working well.

THANKS AGAIN,

Dave

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines