Posted by Steve Chapel on 03/11/06 15:06
Stefan Mueller wrote:
> I've a web page with several input boxes. After the user clicks 'submit' I
> insert these data into my MySQL database.
> This worked perfectly for several months. But today a user entered the street
> name
> Route d'Yverdon 59
>
> Unfortunately the data has not been inserted into my MySQL database because
> of the apostrophe (') in the name of the street.
>
> I've no idea how to deal with this problem.
> Is there any possibility to avoid that my PHP & Java scripts don't interpret
> apostrophes (') and semicolons (")?
I use PEAR DB with placeholders:
$db->query("insert into users values (?, ?);", array($name, $address));
will always quote the name and address properly. This not only helps to
put the data in the database properly, but also prevents nasty SQL
injection security attacks. JDBC also can use placeholders for SQL
statements.
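
The placeholder approach from the reply above, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database instead of PEAR DB and MySQL (an assumption, so it runs without a server); the table layout, function names and sample rows are constructed for illustration.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for PEAR DB + MySQL
// (an assumption, so the script runs without a database server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, address TEXT)');

// Constructed sample input: the street from the question, plus a value
// containing an apostrophe, double quotes and a semicolon.
$rows = [
    ['Stefan', "Route d'Yverdon 59"],
    ['Test',   "He said \"hi\"; it's fine"],
];

// Before: values concatenated into the SQL text. The apostrophe ends the
// string literal early, so the statement no longer parses.
function insertConcatenated(PDO $db, string $name, string $address): bool
{
    try {
        $db->exec("INSERT INTO users VALUES ('$name', '$address')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// After: placeholders. The SQL text is fixed; the values travel separately.
function insertWithPlaceholders(PDO $db, string $name, string $address): bool
{
    $stmt = $db->prepare('INSERT INTO users VALUES (?, ?)');
    return $stmt->execute([$name, $address]);
}

foreach ($rows as [$name, $address]) {
    $ok = insertConcatenated($db, $name, $address);
    echo ($ok ? 'concatenated ok:     ' : 'concatenated FAILED: ') . $address . "\n";
    insertWithPlaceholders($db, $name, $address);
}

// Every stored address must equal the input byte for byte.
$stored = $db->query('SELECT address FROM users ORDER BY rowid')->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $i => [, $address]) {
    echo ($stored[$i] === $address ? 'round-trip ok:       ' : 'MISMATCH:            ') . $address . "\n";
}
```

Both concatenated inserts fail with a syntax error, while the placeholder inserts store each address unchanged.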