PHP - Capital Letters After Apostrophe Or Hypen

Hi ,       I have a website which uses apostrophe in merchant names (craig's) and Product name (Fresh goat's). If I try click on the search pages using these names with apostrophe then it displays the following error.   Error: SELECT * FROM merchant WHERE user_name='Major_Craig's_Chutney' && is_active='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Chutney' && is_active='1'' at line 1   I tried to add an apostrophe in php file of  merchant search but still it shows up the same error or empty page.    can anyone help me on this????

I have the following code to search my database (obviously some of the surrounding code is not provided) but I hope this provides enough for me to be clear about my problem) :

$sql="SELECT *  FROM member_details WHERE state='$state' AND location='$locn' ORDER BY Surname, Given_name";
       $result=mysqli_query($conn, $sql) or die("Error in selection -".mysqli_error($conn));
       $numrows=mysqli_num_rows($result);
       if($numrows==0)
   {
      echo "There are no members listed in this State/Territory/location.";
   }
   else
   {         
                while($row=mysqli_fetch_array($result))
           {
                        $surname=$row['Surname'];
                        if (strstr($surname, "'")) 
                        echo "yes";
                        else echo "no";
                }
         }
This works fine if I am searching for a surname that contains a letter such as ''a".  However when I search on the apostrophe, even though I know I have several surnames in the database which contain the apostrophe, I get a 'no' response for all of them.


Thank you.
Can anyone see what I am doing wrong here please or suggest a different approach? 

I'm a little rusty on my PHP skills, so this (probably simple) problem has me stumped.  I have a search engine which retrieves from a database with titles, of which some of those titles have apostrophes within them.  There can also be several authors for a single title, so I've set up this code to retrieve and give each author a different url to their page:

Code: [Select]
$select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());
However, whenever an apostrophe appears for the $title I get this error:

Quote

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Have Lemonade, Please' AND `year` = '2002' AND `category` = 'Lemon' AND `grou' at line 1


The full title is "I'll Have Lemonade, Please," and you can see where the problem lies.  I've tried replacing the "`title` = '$title'" with "`title` = '%s'", but then none of the authors will appear.

Anyone have any suggestions on how to fix this problem?  Thanks in advance, and here's the full code:

Code: [Select]
<?php

if(isset($_POST[search])) {

$title = strtolower(strip_tags(mysql_escape_string($_POST['title'])));
$author = strtolower(strip_tags(mysql_escape_string($_POST['author'])));
$summary = strtolower(strip_tags(mysql_escape_string($_POST['summary'])));
$category = strip_tags(mysql_escape_string($_POST['category']));
$group = strip_tags(mysql_escape_string($_POST['group']));
$rating = strip_tags(mysql_escape_string($_POST['rating']));
$year = strip_tags(mysql_escape_string($_POST['year']));

$termsArray = array();

if(!empty($author))
{
$termsArray[] = "author LIKE '%$author%'";
}

if(!empty($title))
{
$termsArray[] = "title LIKE '%$title%'";
}

if(!empty($summary))
{
$termsArray[] = "summary LIKE '%$summary%'";
}

if (count($termsArray) > 0){
   $terms = implode(" AND ", $termsArray);
   $terms = " WHERE ".$terms;
   unset($termsArray); //clear memory, cause we're finished using this.
}

$join = (empty($title) && empty($author) && empty($summary)) ? "WHERE" : "AND";

$sql_category = ($category == all) ? "" : "$join `category`='$category'";

if ($sql_category != ""){
   $join = "AND";
}

$sql_group = ($group == all) ? "" : "$join `group`='$group'";

if ($sql_group != ""){
   $join = "AND";
}

$sql_rating = ($rating == all) ? "" : "$join `rating`='$rating'";

if ($sql_rating != ""){
   $join = "AND";
}

$sql_year = ($year == all) ? "" : "$join year='$year'";

$qSearch = "SELECT * FROM archives
$terms $sql_category $sql_group $sql_rating $sql_year
GROUP BY url ORDER BY title ASC, author ASC";

$rsSearch = mysql_query($qSearch) or die(mysql_error());

$end = '';
if (mysql_num_rows($rsSearch) >= 2)
{
$end = 's';
}

if (mysql_num_rows($rsSearch) == 0)
{
print '<p>Sorry, there were no results returned for your search. Please try again.</p>';
}
else
{
print '<center><p><b>'.mysql_num_rows($rsSearch).'</b> title'.$end.' found.</p></center>';

echo '<ol>';

while ($row = mysql_fetch_array($rsSearch))
{
extract($row);

$select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());

$aut = "";
while ($row3 = mysql_fetch_array($select_author)) {
   $aut .= "<a href=\"author.php?author={$row3[author]}\">$row3[author]</a> & ";
}

$aut = substr($aut,0,-3);

$my_code = urlencode($title);
$my_author = urlencode($author);

echo '<li><a href="info.php?author='.$my_author.'&title='.$my_code.'">'.$title.'</a> by '.$aut.'</li>';

}
echo '</ol>'; 

}
}
?>

Hi Friends, I am Anes
I want to ensure all surnames are uppercase in php
I use       $surname = ucfirst(strtolower($dataField));

How do I ensure that any names such as O'Brien, don't result in O'brien

thanks   

Hi Guys

I have this PHP Upload Scripts below which uploads file of customers into the customers folder and at the same time inserts the file path into the database.

The problems is for name like O'hare or O'neil its uploads into the customers folder but does not insert the file path into the database - probably because of the " ' " apostrophe

From the code below is there anyway I can deal with this issue?  Thanks alot

Code: [Select]
<?php 
//This php block of code will takecare of inserting the upload variables into the db

if(isset($_POST['submitbutton'])) {
$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
$target_path = $target_path . basename( $_FILES['upload']['name']);
$manager= mysql_real_escape_string($_POST['username']);
$upload =  $_FILES['upload']['name'];
$check_id = mysql_real_escape_string($_POST['id']);
$submitbutton= mysql_real_escape_string($_POST['submitbutton']);



if($submitbutton)
{
if($manager&&$upload)
{
if (file_exists($target_path))
{
echo $_FILES["upload"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);
echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];

$insert=mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) ");

// Where the file is going to be placed 
$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['upload']['name']); 

$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';

$target_path = $target_path . basename( $_FILES['upload']['name']); 

if (file_exists($target_path))
{
echo $_FILES["upload"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);
echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
}


}
}
else
{
echo "There was an error uploading the file, please try again!";
}
}
 header("location: mainupload_complete.php?id=$check_id"); 
}
?>

I am having trouble, because I am trying to enter a string, such as this into a database field:

$string = "There's trouble ahead because they're silly.";

Ofcourse, MySQL craps out because of the apostrophes.

So I did this:

$string = mysql_real_escape_string($string);

This is entered into the database, however it is entered as this:

"There\'s trouble ahead because they\'re silly."

I was wondering how I can enter apostrophes, without entering a backslash, because now when I pull the text from the DB and display it on a page, I get a backslash in front of all apostrophes.

HELP!  Please!

Is the only way around this to add slashes, then use stripslashes() when displaying text??

Note that my code still use the old mysql query and I am aware of that. I want to migrate it to mysqli soon but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you    I've looked around the internet to find how to do this and I found two methods:   htmlspecialchars(); and mysql_real_escape_string();   I wrapped my text into one of the two function in order to pass in text with apostrophe in it to the database.   However I encountered a problem.   With mysql_real_escape_string, I got the desired effect that I want but the problem is that, the function also apply its effect onto html img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear.   With htmlspecialchars, again I got the desired function that I want which is to pass in apostrophe into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and show as a plain html code.   What confuse me a lot is that, it works fine inside my localhost.   Please help  Thank you!  Attached Files  content-insert.php   3.92KB   4 downloads

This topic has been moved to PHP Regex.

http://www.phpfreaks.com/forums/index.php?topic=354362.0

I need to send emails with single apostrophes in the body of my email function. How do I do that without erroring out in my mail function.

Code: [Select]
<?
$to = "myself@gmail.com";
$subject = "test";
 $body='<html><body><font size="1"> We're sending this email.It's been a while</font></body></html>';
 $message=$total;

 $from = "webmaster@example.com";
 $headers  = 'MIME-Version: 1.0' . "\r\n";
 $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
 $headers .= 'From: Admin <Admin@test.com>' . "\r\n";


 // Send email
if(mail($to,$subject,$body,$headers))
{
 // Inform the user
  echo "Your email has been sent";
}
else
{
  echo "MAIL not sent";
}
?>

I am using PHP with ODBC to connect to an existing MSSQL database to query for some names.  When I query a name that has an apostrophe in it, I get an error.

Example typing O'Malley as the name:

Quote

Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 'malley'., SQL state 37000 in SQLExecDirect



I have used addslashes to the string but get the same result:

Code: [Select]
$string = addslashes($_POST['string']);

$connect = odbc_connect("$mssql_name", "$mssql_user", "$mssql_pass");

$query_mssql = "SELECT pr.NameFirst, pr.NameLast, pr.NameMiddle, pr.Birthdate, p.Barcode, p.OrganizationID
FROM PatronRegistration pr
JOIN Patrons p ON (pr.PatronID = p.PatronID)
WHERE pr.NameLast = '$string'";

$result = odbc_exec($connect, $query_mssql);

Any ideas?

I imagine there are lots of ways to answer this question, so I just want people's opinions as to the best way (if there is one).

I have code with a basic form that submits data to a MySQL database. 

So when someone submits data the first time, I "clean it up" by doing...
Code: [Select]
$_POST['data'] = trim(mysql_prep($_POST['data']));
.. and then submit that info into a "varchar" mySQL field.

Then if the user comes back to edit it, the form comes up and the data they previously entered is pulled into the field this way (I'm leaving out the MySQL to pull the data, obviously)...

Code: [Select]
<input type="text" name="field" value="<?php echo $data;?>">

The problem is that if someone entered this originally...
Code: [Select]
Here is "some" data with apostrophes
...Then when I echo that back into the value of the text field, it would only show...
Code: [Select]
Here is "...and then cuts off because the quotation mark in the data conflicted with the quotation mark after value=

Is htmlentities the answer here, or is there some other/better way?

FYI...


Code: [Select]
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string") ; //i.e. PHP >= v4.3.0
if($new_enough_php) { //PHP v4.3.0 or higher
//undo any magic quote effects so mysql_real_escape_string can do the work
if($magic_quotes_active) { $value = stripslashes($value) ;}
$value = mysql_real_escape_string($value);
} else { //before php v4.3.0
// if magic quotes aren;t already on then add slashes manually
if(!magic_quotes_active) { $value = addslashes($value); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}

This is something I've been trying to figure out for some time.  I've read blogs and other forums and am still not clear.   Seems that when I pass a variable that has Apostrophe's in the variable, from a form page to the submit page and insert it into the MySql DB table, it inserts OK without any / before the apostrophe.   On the other hand on the same submit page, there is a select query from another table and there are variables with apostrophe's.  These queried variables keep the variables from the form page and the queried DB from inserting into a new table.   So I use mysql_real_escape_string () for the variables queried from the table to be inserted into the new table, don't use mysql_real_escape_string () on the variables passed frm the form page, and everything inserts into the new table just fine.  Displays with no forward slashes.   My confusion comes from when to use mysql_real_escape_string (), stripslashes () and htmlspecialchars().   Also in the reading I was doing, it looks like mysql_real_escape_string () is being replaced with mysqli_real_escape_string (), but when I tried to use it on a variable queried from the DB something like

$username = mysqli_real_escape_string ( $s['username'] )

( $s being 'foreach ( $result as $s )' from the select query.   Thanks in advance for shedding any light on this.

Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid...

I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries .   In the past I've never done this.  What does the ` do?  I understand about single quotes and double quotes, but haven't come across the ` being used.  What's the deal?

Hello

my mysql db got row pageurl

pageurl
http://www.google.gr
http://www.yahoo.com
http://www.phpfreaks.com

i whant to echo  11,12,13 letter only  ***********goo******
but i whant to show and count the *******

how can i do this? any idea?

Hi Guys   I have a regex conundrum that at first I thought would be very easy but then appears to be quite hard :/   I want to match a string with a regex where the regex can only pass if it contains letters and numbers (nothing else) and it has to contain at least one of each.   I've been trying out lookaheads but just can't get it right.     Any help is appreciated.    Drongo