
How to handle apostrophes?

I had an error because of an apostrophe

I’m using real_escape, not sure why really; this is an administrative input that is password protected to get access to, e.g. only people that work for the website can enter data (supposedly)

$description-of-problem = mysql_real_escape_string($dop);

dop = description-of-problem

Anyway I typed in “It’s a piece of…” and the error says

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s a piece of ….’)’

I read about using &#39 but I don’t know how to apply it

here

[url]http://stackoverflow.com/questions/2428572/how-to-escape-single-quote[/url]

PHP

6 Comments(s)

@Stephen_Philbin Dec 14.2014 — You use mysql_real_escape_string() to "escape" certain characters in a query that also mean something to MySQL. The apostrophe is one such character. When running a MySQL query through PHP, the apostrophe. To us, it just signals an omission of letters or that a word has been pluralised, but to MySQL it pretty much means the end of your query. So your DB can end up thinking you're running two brief, probably syntactically invalid, queries rather than what you actually want. That's why MySQL is complaining that it doesn't know what you mean by [i]'s a piece of ....[/i]; it thinks that's your second query.

Normally, you'd have this all handled for you with a single call to mysql_real_escape_string, but it doesn't seem to be working for you. Using the function should change the string from [i]It's a piece of...[/i] to [i]It\'s a piece of...[/i]. The \ character tells MySQL to ignore the special meaning of the character (to end a query) and just treat it like any other character. That way, the whole string gets used. For some reason, mysql_real_escape_string doesn't appear to be working, though. I'd imagine this is more to do with the string getting escaped twice, rather than the function actually failing. So you're probably ending up with the string [i]It\\'s a piece of...[/i]. Because of two \ in a row, the first \ tells MySQL to ignore the special meaning of \ and just read it in. Because the special meaning of the second \ is then dropped, the special meaning of the apostrophe returns because it is no longer preceded by a \ with a special meaning. The \ that is there is just treated like any other character.

You can check what's going on by just using var_dump($the-query) in place of mysql_query($the-query). This'll show you exactly what query the database is trying to run.

Like I said, I suspect it'll be down to too many calls to the functions that escape strings rather than them not working. There are quite a few of them. Check out the following page for more information. Especially the function calls listed in the "See Also" section. They describe functions/features that can also cause double escaping if they are used as well as mysql_real_escape_string. http://php.net/manual/en/function.mysql-real-escape-string.php
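
An added example, not code from either poster: the same insert done with string concatenation and then with a parameterized query, using the var_dump diagnostic mentioned in the reply above. The `problems` table and its columns are hypothetical, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the script runs on its own; the prepare/execute calls are the same against MySQL.

```php
<?php
// Added example. Table and column names are hypothetical; SQLite in memory
// keeps the script self-contained (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE problems (id INTEGER PRIMARY KEY, description TEXT NOT NULL)');

// Constructed sample input, as typed into the admin form in the question.
$dop = "It's a piece of...";

// 1) Query built by string concatenation: the apostrophe closes the SQL
//    string literal early and the rest of the text is parsed as SQL.
$query = "INSERT INTO problems (description) VALUES ('" . $dop . "')";
var_dump($query);   // inspect the final SQL text before it reaches the database
try {
    $pdo->exec($query);
} catch (PDOException $e) {
    echo 'string-built query rejected: ', $e->getMessage(), PHP_EOL;
}

// 2) Parameterized query: the SQL text is fixed and the value is bound
//    separately, so there is no escaping call to forget or to apply twice.
$stmt = $pdo->prepare('INSERT INTO problems (description) VALUES (:description)');
$stmt->execute([':description' => $dop]);

// The value comes back byte-for-byte, apostrophe included, and only the
// parameterized insert created a row.
$stored = $pdo->query('SELECT description FROM problems ORDER BY id DESC LIMIT 1')
              ->fetchColumn();
var_dump($stored === $dop);
var_dump((int) $pdo->query('SELECT COUNT(*) FROM problems')->fetchColumn());
```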

@GreenAce92 (author) Dec 14.2014 — Thank you for your long response. I've got a lot to do and fortunately this problem is on the worker end, e.g. not for the customer, so I'll tell (myself) not to use apostrophes in the text input.

@Stephen_Philbin Dec 14.2014 — Well you can still use apostrophes in your input. Sometimes it's very difficult to avoid. When you're not quite so busy, I'd very strongly recommend that you read about the proper escaping of input because it is of critical importance. If a script kiddie finds a site with improper input escaping then it's usually just a matter of seconds until the entire contents of the database are deleted, or, in the case of more experienced attackers, they just re-purpose the website to serve their needs.

I also forgot to say about your attempts at using entity references. I tried editing the post but I was too late, so here's what I tried posting about them.

An apostrophe (and pretty much [b]any[/b] other character) can be represented in HTML with what's called an Entity Reference. When you want to display a character with an entity reference, you must do it in the following way.

1) Write an ampersand character immediately followed by the number sign "&#"

2) If you are using a decimal code point, proceed to step 3. If you are using a hexadecimal code point then add the letter x "&#x".

3) Add the code point to what you've written so far. For the apostrophe the code points are 27 (in hexadecimal) and 39 (in decimal)

so that would be either "&#x27" for hexadecimal notation, or "&#39" for decimal notation.

4) Stick a semicolon on the end.

Resulting in either "&#x27;" for hexadecimal notation, or "&#39;" for decimal notation.

Entity references are probably most commonly used to encode things so that they can be safely used in a URL. For example the ampersand already has a special meaning in URLs, so if you want to use one in a URL as a plain character, it must be referred to by entity reference ("&amp;" for example). Entity references are handy in many, many other places too. Like, for example, preventing an XML parser barfing all over the floor when you feed it something like <easy-question>Is 1 < 2 ?</easy-question> 'cause you can just change it to <easy-question>Is 1 &lt; 2 ?</easy-question> and the parser will avoid the error and keep on goin'.
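
An added example, not code from either poster: the four steps above written as a function, followed by the built-in call that applies the same encoding when stored text is written into an HTML page. `entity_reference()` is a hypothetical helper name and the sample string is constructed.

```php
<?php
// Added example; entity_reference() is a hypothetical helper name.
// Requires the mbstring extension for mb_strlen() and mb_ord().
function entity_reference(string $char, bool $hex = false): string
{
    // Step 3 needs the code point of exactly one character.
    $codePoint = mb_strlen($char, 'UTF-8') === 1 ? mb_ord($char, 'UTF-8') : false;
    if ($codePoint === false) {
        throw new InvalidArgumentException('expected exactly one valid UTF-8 character');
    }
    $digits = $hex ? 'x' . dechex($codePoint)   // step 2: "x" marks hexadecimal
                   : (string) $codePoint;       // decimal needs no marker
    return '&#' . $digits . ';';                // steps 1 and 4
}

$decimal     = entity_reference("'");
$hexadecimal = entity_reference("'", true);
echo $decimal, ' ', $hexadecimal, PHP_EOL;

// Both notations decode back to the same character.
var_dump(html_entity_decode($decimal, ENT_QUOTES | ENT_HTML5, 'UTF-8') === "'");
var_dump(html_entity_decode($hexadecimal, ENT_QUOTES | ENT_HTML5, 'UTF-8') === "'");

// Entity encoding belongs to the HTML output step: the database keeps the
// raw text and the page encodes it when rendering. Constructed sample value:
$stored = "It's a piece of... is 1 < 2 & 2 > 1?";
$safe   = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// A single-quoted attribute shows why the apostrophe has to be encoded too.
echo '<input type="text" name="dop" value=\'', $safe, '\'>', PHP_EOL;

// Decoding the encoded form returns the original text unchanged.
var_dump(htmlspecialchars_decode($safe, ENT_QUOTES) === $stored);
```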

@GreenAce92 (author) Dec 14.2014 — you know it's really bad, like this "laziness" that I feel

I'm willing to do all this work, pay the server / domain fees

Then I'm too lazy to fix a few lines of code that could mean the difference between some form of income and nothing at all

I don't know I'm definitely going to do it

Thank you for your thorough response

@GreenAce92 (author) Dec 14.2014 — By the way your acceptable policy link on your signature doesn't point to an existing page / content

I am interested in that "how much should I get paid"

@Stephen_Philbin Dec 14.2014 — Oh I haven't been able to use these forums for a few years and in that time it's changed owners. The previous owners asked us to have those links in our signatures. I hadn't really given them any thought 'till you mentioned them. They certainly don't seem to serve any purpose any more. Thanks for pointing them out.