MYSQL input data with double-quotes

MYSQL input data with double-quotes

am 29.03.2006 02:42:12 von Robert

This one really has me stumped.

I need to add or update a mysql table with a string that includes double
quotes. I use the addslashes() function to set the necessary escapes. This
works with INSERT. However, with UPDATE the string is truncated at the first
double-quote. (No problem with single-puote.)

This code works, no problem:

$line1=$_POST['item1'];
$line1=addslashes($line1);
mysql_query("INSERT INTO $tablename (info) VALUES('$line1') ") or
die(mysql_error());

With this code, the string is truncated when a double-quote is encountered.

$title1=$_POST['T1'];
$title1=addslashes($title1);
mysql_query("UPDATE $tablename SET info='$title1' WHERE id='1' ") or
die(mysql_error());

I would be very grateful for any explanation of this problem

Thanks, Robert

Re: MYSQL input data with double-quotes

am 29.03.2006 04:32:11 von Robert

OOPS! Never mind, I finally figured it out. Nothing wrong with that code, it
was some other code.

Sorry for the bother,
Robert the novice

"Robert" wrote in message
news:EJkWf.34631$1Z5.26003@tornado.texas.rr.com...
> This one really has me stumped.
>
> I need to add or update a mysql table with a string that includes double
> quotes. I use the addslashes() function to set the necessary escapes. This
> works with INSERT. However, with UPDATE the string is truncated at the
> first double-quote. (No problem with single-puote.)
>
> This code works, no problem:
>
> $line1=$_POST['item1'];
> $line1=addslashes($line1);
> mysql_query("INSERT INTO $tablename (info) VALUES('$line1') ") or
> die(mysql_error());
>
> With this code, the string is truncated when a double-quote is
> encountered.
>
> $title1=$_POST['T1'];
> $title1=addslashes($title1);
> mysql_query("UPDATE $tablename SET info='$title1' WHERE id='1' ") or
> die(mysql_error());
>
> I would be very grateful for any explanation of this problem
>
> Thanks, Robert
>
>

Re: MYSQL input data with double-quotes

am 29.03.2006 12:39:11 von J2Be

You should use mysql_real_escape_string() for the necessary escaping
caring also about the charset.

Regards.


--
Leonardo Armando Iarrusso - J2Be
www: http://www.J2be.com - e-mail: info[at]J2Be.com

Re: MYSQL input data with double-quotes

am 30.03.2006 01:31:03 von Robert

Thanks for the tip, Leonardo!

Robert

"J2be" wrote in message
news:442a6281$0$36931$4fafbaef@reader3.news.tin.it...
> You should use mysql_real_escape_string() for the necessary escaping
> caring also about the charset.
>
> Regards.
>
>
> --
> Leonardo Armando Iarrusso - J2Be
> www: http://www.J2be.com - e-mail: info[at]J2Be.com
>