PHP - Preventing Apostrophe/quotation Mark Issues
I imagine there are lots of ways to answer this question, so I just want people's opinions as to the best way (if there is one).
I have code with a basic form that submits data to a MySQL database. So when someone submits data the first time, I "clean it up" by doing...

Code:
$_POST['data'] = trim(mysql_prep($_POST['data']));

...and then submit that info into a "varchar" MySQL field. Then if the user comes back to edit it, the form comes up and the data they previously entered is pulled into the field this way (I'm leaving out the MySQL to pull the data, obviously)...

Code:
<input type="text" name="field" value="<?php echo $data;?>">

The problem is that if someone entered this originally...

Code:
Here is "some" data with apostrophes

...then when I echo that back into the value of the text field, it would only show...

Code:
Here is "

...and then cuts off because the quotation mark in the data conflicted with the quotation mark after value=. Is htmlentities the answer here, or is there some other/better way? FYI...

Code:
function mysql_prep($value) {
    $magic_quotes_active = get_magic_quotes_gpc();
    $new_enough_php = function_exists("mysql_real_escape_string"); // i.e. PHP >= v4.3.0
    if ($new_enough_php) { // PHP v4.3.0 or higher
        // undo any magic quote effects so mysql_real_escape_string can do the work
        if ($magic_quotes_active) { $value = stripslashes($value); }
        $value = mysql_real_escape_string($value);
    } else { // before PHP v4.3.0
        // if magic quotes aren't already on then add slashes manually
        if (!$magic_quotes_active) { $value = addslashes($value); }
        // if magic quotes are active, then the slashes already exist
    }
    return $value;
}

Similar Tutorials

I made a template class recently and the only problem I'm having with it is that when I pull the HTML through, if I add double quotes anywhere it breaks the code. I understand why it's breaking, sorta, but I can't figure out how to fix it.
Code (HTML):
<html>
<head>
</head>
<body>
<p id='Element'>"Something in quotes"</p>
</body>
</html>

Code (PHP):
$string = $template->myMethod(); // Returns the html in a string
eval("\$HTML = \"$string\";"); // The error happens during the evaluation here
echo($HTML);

The string breaks with double quotes during the eval method and I've tried replacing the " mark with \" by using str_replace but I haven't been able to get it to work. Thanks for your replies.

I'm trying to remove the ' symbol from a string.

Code:
$string2 = str_replace(" ' ", " . ", $string1);

gives errors. How else could I do this?

I have this code:

Code:
<input onclick='window.location.href="http://www.computerhope.com"' class='button_inline' type='button' name='view' value='View' />

Which is perfectly fine if it wasn't because it is being echoed in PHP, and then the double quotes f**k up. An easy fix?

I have the " or the ' all wrong. Can someone tell me how to do the quotation marks correctly so I don't get a syntax error? As can be seen, the date 10/5/14 is not a variable but I want to convert it to a format that can go into a DATE field.

Code:
$query = "update table set expir_date = date("Y-m-d", 10/5/14) where id = '$id' ";

Hi everyone, I am having a problem with using quotation marks / apostrophes with PHP and MySQL. If I enter the following line in MySQL:

"user's resume"

when I do a query from MySQL I get back "User\'s resume". It's adding a slash before the apostrophe. How can I fix this? Thanks.

I am having a problem with my code and would be grateful if someone could point me in the right direction. Please see my code below:

Code:
<?php
$dbcon = mysqli_connect('localhost', 'user', '', 'videos');
$sql = 'SELECT * FROM videos';
$result = mysqli_query($dbcon, $sql);
$row = mysqli_fetch_array($result);
$image = $row['image'];
$title = $row['title'];
$description = $row['description'];
echo '<a href="#">
<div class="thumb" style="background-image: url("' . $image . '");"></div>
</a>
</div>
<div class="column-content">
<p class="column-title">Latest Video</p>
<p class="column-heading"><a href="#">' . $title . '</a></p>
<div class="video-description">
<p>' . $description . '</p>';
mysqli_close($dbcon);
?>

Now the connection to the database works, and the title and description are fine too. The problem is with the image. I cannot get it to display and I'm sure it has something to do with the quotation marks but I don't know in what order they should be. If I just use HTML the code for the image would be:

Code:
<div class="thumb" style="background-image: url('image.jpg');"></div>

with just a single quotation around the image url. Any help would be much appreciated.
Tony

Hi, I am somewhat new to PHP but I have a little experience. I am having trouble coding this script to set variables with extra quotations and replacing some exploded strings. Here is the script.

Code:
<?php
$ToCutDown = "[{"parentMessageId":-1,"message":"%3Ca%20href%3D%27%23%27%20class%3D%27standardLink%27%20onclick%3D%27showMobStats%28674542538%29%3B%27%3Eaka%20Bubbles%3C%2Fa%3E%20broadcast%20a%20message%3A%20%3Cfont%20color%3D%27red%27%3E%22Place%20Bounty%20on%20%26quot%3Baka%20Bubbles%26quot%3B%20%28Minimum%20of%20%2418%2C107%2C899%2C000%29%22%3C%2Ffont%3E%2E","id":28152301,"";
$Exploded = explode("[{"parentMessageId":-1,"message":"", $ToCutDown);
$Exploded = explode(","id":28152301,"", $Exploded[0]);
$Exploded = urldecode($Exploded[1]);
$StringReplace = str_replace("<a href='#' class='standardLink' onclick='showMobStats(674542538);'>", "", $Exploded);
?>

So I'm trying to work with specific strings that have quotation marks in them (which cannot be removed) and I'm having a hard time using them in variables and in any function that requires you to choose parameters with either ' ' or " ". Any suggestions would be appreciated, thanks.

Hi all... once again I am trying to re-educate myself in PHP after a long gap. I do not have a problem as such, just a question... here is part of my script that does not work:

Code:
<?
$sql = "INSERT INTO member ( username, ) VALUES ( \"$_SESSION['nm_username']\", \"$_SESSION['nm_email']\" )";
?>

The above errors because there are single quotation marks in the session variables. When I remove them the script works and the values of the variables seem to be correct! My question is: do I NEED the quotation marks in the variable, and if so how should I write the query? Regards

Hello, I have this text file attached, and I am currently extracting the data from it. And yeah, I know how... but the problem is the double quotation marks.
The last double quotation mark doesn't go away. I am also aware that trim() only accepts strings, but how come it does remove the first double quotation mark and leave the 2nd one? Here's my script; feel free to download the file and try my script on your own localhost and tell me what's wrong. Thanks in advance.

Code:
$fh = fopen('iso3166.txt', 'r');
while (!feof($fh)) {
    $lines = fgets($fh);
    $parts = explode(",", $lines);
    print trim($parts[1], '"') . "<br />";
}
fclose($fh);

Hi guys, I wonder if somebody can help me? When a user enters details about themselves into a textbox and includes an apostrophe, when the profile is pulled from the MySQL database the apostrophe is replaced with a \'. How can I get it so when the profile is viewed there is no backslash? Thanks for any help. Regards, Rob

Hello, I found this great free PHP calendar script here "" by Xu and Alessandro, and I'm trying to modify the code to mark several dates (birthdays, YYYY-mm-dd) from a date column in a SQL database. I've played around with the _showDay() method but I can't seem to get it working. I've also tried to create a _showBirthday() method to modify the CSS as well, but with no luck. What I'm trying to do is loop through the database to mark the respective dates on the calendar, and have a href to display a new page with the person's name when I click the specific date. Can anyone help with this? Thanks in advance!

So I really don't think I need to paste the code but

Code:
<?php session_start(); ?>
<?php
$new_thread_page_path = 'general_discussion_threads/' . $_POST['thread_title'] . '.php';
$new_table_link = '<a href="' . $new_thread_page_path . '"' . 'class="hover" border="0" style="text-decoration:none">' . $_POST['thread_title'] . '</a>';
?>
<?php
date_default_timezone_set('EST');
$date = date("m/d/y");
$hour = date("g");
$minute = date("i");
$second = date("s");
$am_pm = date("a");
$full_date = $date . ' ' . $hour . ":" . $minute . ":" . $second . $am_pm;
$place_holder = '<!--the_place_holder-->';
$current_page_path = 'general_discussion_home.php';
$open_current_page = fopen($current_page_path, 'rb');
$contents_of_current_page = fread($open_current_page, filesize($current_page_path));
$template_path = 'general_discussion_threads/template.php';
$open_template = fopen($template_path, 'rb');
$template_contents = fread($open_template, filesize($template_path));
$new_thread_page_path = 'general_discussion_threads/' . $_POST['thread_title'] . '.php';
$list_file_path = 'general_discussion_threads/thread_list.txt';
$list_open = fopen($list_file_path, 'rb');
$list_open_write = fopen($list_file_path, 'a');
$open_new_thread_page = fopen($new_thread_page_path, 'w+');
$list_contents = fread($list_open, filesize($list_file_path));
$thread_exists_test = substr_count($list_contents, '<' . strtolower($_POST['thread_title'] . '>'));
$invalid_character_test = substr_count($_POST['thread_title'], '<');
$invalid_character_test1 = substr_count($_POST['thread_title'], '>');
$the_users_info = $_SESSION['the_user'];
$the_username1 = strstr($_SESSION['the_user'], '.');
$the_username1_wipe = str_replace($the_username1, '', $the_users_info);
$the_username = str_replace('.', '', $the_username1_wipe);
if (isset($_POST['new_thread_post'])) {
    if (($_SESSION['logged_in'] == '1') && ($invalid_character_test1 == '0') && ($invalid_character_test == '0') && ($thread_exists_test == '0') && ($_POST['thread_title'] != '') && ($_POST['thread_title'] != 'Enter the title of your Thread...')) {
        fwrite($open_new_thread_page, '<?php $the_thread_title = ' . '\'' . $_POST['thread_title'] . '\'' . '; ?>' . $template_contents);
        fclose($open_new_thread_page);
        fwrite($list_open_write, '<' . strtolower($_POST['thread_title']) . '>');
        fclose($list_open_write);
        $new_contents = str_replace($place_holder, '<tr><td align="center">' . $new_table_link . '</td>' . '<td align="center">' . '<font color="#66CC00">' . $full_date . '</font>' . '</td>' . '<td align="center">' . '<font color="#66CC00">' . $the_username . '</font>' . '</td>' . '</tr>' . $place_holder, $contents_of_current_page);
        $open_current_page = fopen($current_page_path, 'w');
        fwrite($open_current_page, $new_contents);
        fclose($open_current_page);
        $_SESSION['gd_error'] = 'Thread created successfully!';
    } elseif ($_SESSION['logged_in'] != '1') {
        $_SESSION['gd_error'] = 'You need to be logged in!';
    } elseif ($invalid_character_test != '0') {
        $_SESSION['gd_error'] = 'Thread title contains invalid characters!';
    } elseif ($invalid_character_test1 != '0') {
        $_SESSION['gd_error'] = 'Thread title contains invalid characters!';
    } elseif ($thread_exists_test != '0') {
        $_SESSION['gd_error'] = 'Thread title unavailable!';
    } elseif ($_POST['thread_title'] == '') {
        $_SESSION['gd_error'] = 'You must make a thread title!';
    } elseif ($_POST['thread_title'] == 'Enter the title of your Thread...') {
        $_SESSION['gd_error'] = 'You must make a thread title!';
    }
}
?>

So what all this does is, based on user input, it creates a new HTML page based off of the template with a few different variables based on input. Then it makes a new row and 3 cells in the home page's thread table that link to the page, say who made it and what time they made it. Now it all works PERFECT (I'm surprised how perfect on the first try actually) except for 1 tiny flaw which I think might be PHP, not me, but I'm not sure. The fwrite creates a new file, but if the input contains any question marks (?) the link will work but no file will be created. For every other character on the standard keyboard it's fine, but not the question mark. What gives? Thanks y'all!

Hi ppl, I have a problem in preparing an SQL statement which requires an attribute from another SQL statement. This is the scenario as in PHP code.
Code:
$sql1 = "SELECT attrb1 from table1";
$sql2 = "SELECT attrb2 from table2 where attrb3=".$sql['attrb1']";

What and where is the correct placement of these s'quotes or d'quotes? Please help. Thank you.

I have the following code to search my database (obviously some of the surrounding code is not provided, but I hope this provides enough for me to be clear about my problem):

Code:
$sql = "SELECT * FROM member_details WHERE state='$state' AND location='$locn' ORDER BY Surname, Given_name";
$result = mysqli_query($conn, $sql) or die("Error in selection - " . mysqli_error($conn));
$numrows = mysqli_num_rows($result);
if ($numrows == 0) {
    echo "There are no members listed in this State/Territory/location.";
} else {
    while ($row = mysqli_fetch_array($result)) {
        $surname = $row['Surname'];
        if (strstr($surname, "'")) echo "yes"; else echo "no";
    }
}

This works fine if I am searching for a surname that contains a letter such as "a". However, when I search on the apostrophe, even though I know I have several surnames in the database which contain the apostrophe, I get a 'no' response for all of them. Thank you. Can anyone see what I am doing wrong here please, or suggest a different approach?

I'm a little rusty on my PHP skills, so this (probably simple) problem has me stumped. I have a search engine which retrieves from a database with titles, of which some of those titles have apostrophes within them. There can also be several authors for a single title, so I've set up this code to retrieve and give each author a different url to their page:

Code:
$select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());

However, whenever an apostrophe appears in the $title I get this error:

Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Have Lemonade, Please' AND `year` = '2002' AND `category` = 'Lemon' AND `grou' at line 1

The full title is "I'll Have Lemonade, Please," and you can see where the problem lies. I've tried replacing the "`title` = '$title'" with "`title` = '%s'", but then none of the authors will appear. Anyone have any suggestions on how to fix this problem? Thanks in advance, and here's the full code:

Code:
<?php
if (isset($_POST['search'])) {
    $title = strtolower(strip_tags(mysql_escape_string($_POST['title'])));
    $author = strtolower(strip_tags(mysql_escape_string($_POST['author'])));
    $summary = strtolower(strip_tags(mysql_escape_string($_POST['summary'])));
    $category = strip_tags(mysql_escape_string($_POST['category']));
    $group = strip_tags(mysql_escape_string($_POST['group']));
    $rating = strip_tags(mysql_escape_string($_POST['rating']));
    $year = strip_tags(mysql_escape_string($_POST['year']));
    $termsArray = array();
    if (!empty($author)) { $termsArray[] = "author LIKE '%$author%'"; }
    if (!empty($title)) { $termsArray[] = "title LIKE '%$title%'"; }
    if (!empty($summary)) { $termsArray[] = "summary LIKE '%$summary%'"; }
    if (count($termsArray) > 0) {
        $terms = implode(" AND ", $termsArray);
        $terms = " WHERE " . $terms;
        unset($termsArray); // clear memory, cause we're finished using this.
    }
    $join = (empty($title) && empty($author) && empty($summary)) ? "WHERE" : "AND";
    $sql_category = ($category == 'all') ? "" : "$join `category`='$category'";
    if ($sql_category != "") { $join = "AND"; }
    $sql_group = ($group == 'all') ? "" : "$join `group`='$group'";
    if ($sql_group != "") { $join = "AND"; }
    $sql_rating = ($rating == 'all') ? "" : "$join `rating`='$rating'";
    if ($sql_rating != "") { $join = "AND"; }
    $sql_year = ($year == 'all') ? "" : "$join year='$year'";
    $qSearch = "SELECT * FROM archives $terms $sql_category $sql_group $sql_rating $sql_year GROUP BY url ORDER BY title ASC, author ASC";
    $rsSearch = mysql_query($qSearch) or die(mysql_error());
    $end = '';
    if (mysql_num_rows($rsSearch) >= 2) { $end = 's'; }
    if (mysql_num_rows($rsSearch) == 0) {
        print '<p>Sorry, there were no results returned for your search. Please try again.</p>';
    } else {
        print '<center><p><b>' . mysql_num_rows($rsSearch) . '</b> title' . $end . ' found.</p></center>';
        echo '<ol>';
        while ($row = mysql_fetch_array($rsSearch)) {
            extract($row);
            $select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());
            $aut = "";
            while ($row3 = mysql_fetch_array($select_author)) {
                $aut .= "<a href=\"author.php?author={$row3['author']}\">{$row3['author']}</a> & ";
            }
            $aut = substr($aut, 0, -3);
            $my_code = urlencode($title);
            $my_author = urlencode($author);
            echo '<li><a href="info.php?author=' . $my_author . '&title=' . $my_code . '">' . $title . '</a> by ' . $aut . '</li>';
        }
        echo '</ol>';
    }
}
?>

Hi,
I have a website which uses apostrophes in merchant names (craig's) and product names (Fresh goat's).
If I try to click on the search pages using these names with an apostrophe, then it displays the following error.
Error: SELECT * FROM merchant WHERE user_name='Major_Craig's_Chutney' && is_active='1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Chutney' && is_active='1'' at line 1
I tried to add an apostrophe in the PHP file of the merchant search, but it still shows the same error or an empty page.
Can anyone help me on this?
Note that my code still uses the old mysql query and I am aware of that. I want to migrate it to mysqli soon, but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you.
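The error above is what happens when the merchant name is spliced into the SQL text: the apostrophe in Major_Craig's_Chutney closes the string literal early and the rest of the name is parsed as SQL. As an added example (not the poster's code), the same lookup written with a PDO prepared statement, where the SQL text is fixed and the value travels separately, so it needs no escaping at all. The column names user_name and is_active are taken from the error message; the table's other columns, the sample rows and the use of an in-memory SQLite database (so the script runs stand-alone) are assumptions. With a mysql: DSN and credentials the same code runs against MySQL.

```php
<?php
// Added example: parameterized lookup of a merchant whose name contains an apostrophe.
// SQLite in-memory is used only so this runs offline; replace the DSN with
// 'mysql:host=...;dbname=...' plus user and password to run it against MySQL.

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data; user_name and is_active come from the error message in the post.
    $pdo->exec('CREATE TABLE merchant (id INTEGER PRIMARY KEY, user_name TEXT NOT NULL, is_active INTEGER NOT NULL)');
    $insert = $pdo->prepare('INSERT INTO merchant (user_name, is_active) VALUES (?, ?)');
    foreach ([["Major_Craig's_Chutney", 1], ["Fresh_goat's", 1], ['Inactive_Shop', 0]] as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

/** The approach from the post: the value is concatenated into the SQL text. */
function findMerchantInterpolated(PDO $pdo, string $userName): ?array
{
    $sql = "SELECT * FROM merchant WHERE user_name='$userName' AND is_active='1'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** The fix: the SQL text never changes, the value is bound as a parameter. */
function findMerchant(PDO $pdo, string $userName): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM merchant WHERE user_name = :user_name AND is_active = 1');
    $stmt->execute([':user_name' => $userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connect();
$name = "Major_Craig's_Chutney";

try {
    findMerchantInterpolated($pdo, $name);
    echo "interpolated query unexpectedly succeeded\n";
} catch (PDOException $e) {
    // The apostrophe in the name terminates the string literal early, so the
    // statement is malformed: this is the syntax error shown in the post.
    echo 'interpolated query failed: ' . $e->getMessage() . "\n";
}

$row = findMerchant($pdo, $name);
echo $row === null ? "not found\n" : "found merchant #{$row['id']}: {$row['user_name']}\n";
```

The mysqli equivalent of findMerchant() is mysqli_prepare() followed by bind_param('s', $userName) and execute(); the point is the same in either extension: once the value is a bound parameter, apostrophes, quotation marks and backslashes in merchant or product names are plain data and never reach the SQL parser.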
I've looked around the internet to find how to do this and I found two methods:
htmlspecialchars();
and
mysql_real_escape_string();
I wrapped my text in one of the two functions in order to pass text with apostrophes in it to the database.
However, I encountered a problem.
With mysql_real_escape_string, I got the desired effect that I want, but the problem is that the function also applies its effect to the HTML img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear.
With htmlspecialchars, again I got the desired function that I want, which is to pass apostrophes into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and shows as plain HTML code.
What confuses me a lot is that it works fine inside my localhost.
Please help
Thank you!
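The two functions named in the post belong to two different contexts: mysql_real_escape_string() protects the SQL text of one query, htmlspecialchars() protects an HTML page, and the problems described come from applying one of them to the other's job, or applying either before storage instead of at the moment the data is used. As an added example (not the poster's code), this shows the output-side half: h() escapes for HTML at render time, which is the fix for the value="..." cut-off in the first post of this page, and storeHtmlEscaped() shows what happens when the same escaping is done on the way into the database. Function names and sample values are constructed.

```php
<?php
// Added example (not the poster's code): escape for the output context, at output
// time, and keep the stored text raw. Sample values are constructed.

/** Escape for an HTML attribute value or text node; ENT_QUOTES covers both " and '. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The edit form from the first post, rendered from the raw database value. */
function renderEditField(string $rawValue): string
{
    return '<input type="text" name="field" value="' . h($rawValue) . '">';
}

/** Right: store what the user typed; the SQL layer quotes it via a bound parameter. */
function storeRaw(string $input): string
{
    return $input;
}

/** Wrong: HTML-escaping before storage replaces the user's data with entity text. */
function storeHtmlEscaped(string $input): string
{
    return h($input);
}

/** Decoding the escaped form must give back exactly what was typed. */
function roundTripsCleanly(string $typed): bool
{
    return html_entity_decode(h($typed), ENT_QUOTES | ENT_HTML401, 'UTF-8') === $typed;
}

$typed = 'O\'Brien said "hi" & left';

// Raw in the table, escaped once on the way out: the browser shows the full text
// in the field, quotation marks and apostrophe included.
echo renderEditField(storeRaw($typed)), "\n";

// Escaped on input and again on output: h() encodes the & of every stored entity
// a second time, so the field now displays &quot; and &#039; literally.
echo renderEditField(storeHtmlEscaped($typed)), "\n";

if (!roundTripsCleanly($typed)) {
    throw new RuntimeException('HTML escaping is not reversible for this input');
}
```

This also explains the img tag symptom in the post: content that is meant to be rendered as markup cannot go through h(), because converting < and > to entities is exactly what makes it appear as source text; such content needs a markup allowlist filter, which is a different tool. The \" that appeared inside src="..." is the SQL-side escape leaking into storage, a separate mistake from the HTML side shown here.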
Attached file: content-insert.php (3.92KB)

Hi Friends, I am Anes. I want to ensure all surnames are capitalised in PHP. I use

Code:
$surname = ucfirst(strtolower($dataField));

How do I ensure that names such as O'Brien don't result in O'brien? Thanks

Hi Guys, I have this PHP upload script below which uploads files of customers into the customers folder and at the same time inserts the file path into the database. The problem is that for names like O'hare or O'neil it uploads into the customers folder but does not insert the file path into the database - probably because of the " ' " apostrophe. From the code below, is there any way I can deal with this issue? Thanks a lot

Code:
<?php
// This php block of code will take care of inserting the upload variables into the db
if (isset($_POST['submitbutton'])) {
    $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
    $target_path = $target_path . basename($_FILES['upload']['name']);
    $manager = mysql_real_escape_string($_POST['username']);
    $upload = $_FILES['upload']['name'];
    $check_id = mysql_real_escape_string($_POST['id']);
    $submitbutton = mysql_real_escape_string($_POST['submitbutton']);
    if ($submitbutton) {
        if ($manager && $upload) {
            if (file_exists($target_path)) {
                echo $_FILES["upload"]["name"] . " already exists. ";
            } else {
                move_uploaded_file($_FILES["upload"]["tmp_name"], $target_path);
                echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
                $insert = mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) ");
                // Where the file is going to be placed
                $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
                /* Add the original filename to our target path. Result is "uploads/filename.extension" */
                $target_path = $target_path . basename($_FILES['upload']['name']);
                $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
                $target_path = $target_path . basename($_FILES['upload']['name']);
                if (file_exists($target_path)) {
                    echo $_FILES["upload"]["name"] . " already exists. ";
                } else {
                    move_uploaded_file($_FILES["upload"]["tmp_name"], $target_path);
                    echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
                }
            }
        } else {
            echo "There was an error uploading the file, please try again!";
        }
    }
    header("location: mainupload_complete.php?id=$check_id");
}
?>

I am having trouble because I am trying to enter a string such as this into a database field:

Code:
$string = "There's trouble ahead because they're silly.";

Of course, MySQL craps out because of the apostrophes. So I did this:

Code:
$string = mysql_real_escape_string($string);

This is entered into the database, however it is entered as this: "There\'s trouble ahead because they\'re silly." I was wondering how I can enter apostrophes without entering a backslash, because now when I pull the text from the DB and display it on a page, I get a backslash in front of all apostrophes. HELP! Please! Is the only way around this to add slashes, then use stripslashes() when displaying text??
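Several posts on this page (the "User\'s resume" query result, Rob's profile text and this last one) describe the same symptom: a backslash stored in the table in front of every apostrophe. The escaping itself is not the cause; escaping once for the query text is exactly what mysql_real_escape_string() is for, and MySQL removes that layer when it parses the literal. A backslash survives only when the value was escaped twice, which in PHP 5.3 and earlier typically happened because magic_quotes_gpc had already added slashes to $_POST before the code escaped again. As an added example (not from any of the posts), the following traces all four variants. mysqlLiteralValue() is a simplified model of how MySQL decodes a single-quoted literal, written here for illustration; the notes table and the in-memory SQLite database exist only so the bound-parameter round trip runs stand-alone.

```php
<?php
// Added example (not from the posts): where the stray backslash comes from, and the
// round trip that avoids it. The `notes` table and the SQLite in-memory database are
// constructed for the demo; mysqlLiteralValue() is an approximation of MySQL's lexer.

/**
 * Simplified model of how MySQL decodes a single-quoted string literal in a query:
 * strip the outer quotes, then resolve exactly one layer of backslash escapes.
 */
function mysqlLiteralValue(string $literal): string
{
    if (strlen($literal) < 2 || $literal[0] !== "'" || substr($literal, -1) !== "'") {
        throw new InvalidArgumentException('expected a single-quoted SQL literal');
    }
    $body = substr($literal, 1, -1);
    $escapes = [
        "\\'"  => "'",
        '\\"'  => '"',
        '\\\\' => '\\',
        '\\n'  => "\n",
        '\\r'  => "\r",
        '\\t'  => "\t",
        '\\0'  => "\0",
    ];
    // strtr() with an array tries longer keys first and never re-scans its own output,
    // so backslash-backslash-quote decodes to one backslash followed by a quote, as MySQL does.
    return strtr($body, $escapes);
}

/** Insert a value through a bound parameter and read it straight back. */
function roundTrip(PDO $pdo, string $value): string
{
    $pdo->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$value]);
    $select = $pdo->prepare('SELECT body FROM notes WHERE id = ?');
    $select->execute([$pdo->lastInsertId()]);
    return (string) $select->fetchColumn();
}

/** Returns what the table ends up holding under each of the four write paths. */
function demonstrate(string $typed): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

    return [
        // Escaped once for the query text (what mysql_real_escape_string is for):
        // the table receives exactly what was typed.
        'escaped once, interpolated'  => mysqlLiteralValue("'" . addslashes($typed) . "'"),
        // Escaped twice (magic_quotes_gpc had already added slashes, then the code
        // escaped again): one backslash per apostrophe survives into the table.
        'escaped twice, interpolated' => mysqlLiteralValue("'" . addslashes(addslashes($typed)) . "'"),
        // Bound parameter, no escaping step at all: exact round trip.
        'bound parameter'             => roundTrip($pdo, $typed),
        // Escaping and then binding is the double-escape mistake in new clothes.
        'escaped, then bound'         => roundTrip($pdo, addslashes($typed)),
    ];
}

$typed = "There's trouble ahead because they're silly.";
foreach (demonstrate($typed) as $label => $stored) {
    printf("%-28s -> %s\n", $label, $stored);
}
```

Running stripslashes() on every value at display time, as the post asks, only masks the problem and corrupts any text that legitimately contains a backslash; the fix is to escape (or, better, bind) exactly once on the write path, and to clean the rows that were already stored double-escaped with a one-off update.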