PHP - Apostrophe Vs Single Quote In Mysql Query
Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid...
I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries. In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal?

Similar Tutorials

I'm so sorry for this question but I don't really know how to play with single and double quotes. If I have a query like this:

Code:
    mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')');

And I wish to add

Code:
    SentAt='$date'

in the query as well, and I try this:

Code:
    mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')');

Not working...how should I write it? Thank you.

When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
    $blog= mysqli_real_escape_string($con, $_POST['blog']);
    $blog= $_POST['message'];
    $sql = "SELECT * FROM table WHERE `message` = '{$message}'";
    $result = mysql_query($sql);
    if ( mysql_num_rows ( $result ) > 0 ) {
        $error = "Message Exists.";
    } else {
        $error = "This message does not exist. Insert it!!!";
        $sql="INSERT INTO table (message) VALUES ('$_POST[message])";
    }
    if (!mysqli_query($con,$sql)) {
        die('Error: ' . mysqli_error($con));
    }
    mysqli_close($con)

Edited by barkly, 26 October 2014 - 09:31 PM.

Hi, I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code:

Code:
    $name=mysql_real_escape_string(stripslashes($_POST["ename"]));

Cheers

I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link. The page is video.php. The extension is ?title=. I am having a problem when I type the title with a single quote in it ('). Example: video.php?title=The-Sorcerer's-Apprentice. I have str_replace for the dash (-) to be replaced as a space, so that's not the problem. Here's my code.

    <?php
    if($_GET) {
        $title="{$_GET['title']}";
        $title = str_replace('_', ' ', $title);
        $title = str_replace('-', ' ', $title);
        if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error()));
        {
            if(mysql_num_rows($list) > 0){
                if (mysql_num_rows($list)) {
                    while($videos=mysql_fetch_array($list)) {
    ?>
    <div id="content">
    <center><h3><?php echo $videos['title']; ?></h3>
    <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
    <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a>
    </center>
    </div>
    <?php } } } ?>

I am trying to do the seemingly simple thing - replace all single quotes in text

    str_replace ("'", "´", $text);

It does not replace anything. I tried escaping the single quote, using other similar functions - nope. Also tried to google. What am I doing wrong? Any help would be much appreciated.

I have a form that people can fill out, and then it echoes the string, however right now they can't use single quotes. Below is how I have it set up.
Code:
    $side = '<p>About Me:</p>
    <ul>
    <li>Birth Date: October, 23rd, 2010</li>
    <li>Hometown: Rapid City, SD</li>
    <li>Height: 4\'</li>
    <li>Weight: 50lbs</li>
    <li>Foot Size: 4</li>
    <li>Favorite Movie: All of the Shrek Movies!</li>
    <li>Favorite Book: Winnie the Pooh Series</li>
    <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li>
    <li>Favorite TV Show: Anything on Animal Planet!</li>
    <li>Favorite Food: Hay</li>
    <li>Favorite Pro Sports Team: Rapid City Rush</li>
    <li>Favorite Mascot: Nugget, of course!</li>
    <li>Favorite Game: Donkey Kong!<br /> </li>
    </ul>';
    if ($side != NULL){
        echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>";
    }else{
    }

And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks

This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work. Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven

P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code.

Code:
    mysql_connect($dbserver, $dbusername, $dbpassword);
    mysql_select_db($dbname);
    $sitetitle = htmlentities($_POST[sitetitle]);
    $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'");
    echo("<b>Settings Updated!</b>");

Hi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both.
    First Name : Zohaib
    First Name : $firstname

Code:
    // Connecting, selecting database
    $link = mysql_connect('localhost', 'root', 'password');
    mysql_select_db('dbname');
    // Performing SQL query
    $query = 'SELECT first_name FROM tablename';
    $result = mysql_query($query);
    // Printing results in HTML
    while ($row = mysql_fetch_assoc($result)) {
        $firstname=$row['first_name'];
    }
    echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>";
    echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>';

What are the changes I need to do to achieve same result. Any solution ? - Thanks.

Hi, I'm trying to type in a name of a song into an input field, for example: I'll Be Missing you. This field is captured through $_POST and set to a variable $title. I then update the table with this new title. Once it is updated, all that is shown in the data is: I. The single quote, and anything after it is gone completely. Here is my query. How can I change this so it includes the single quote and everything after it?

    $sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value";
    $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);

If more code is required to understand what I'm talking about, let me know.

Is there a difference between a single quote regex and a double quote regex ?
for example :
    <?php
    $res1 = preg_match('/shi*t/', $comment);
    $res2 = preg_match("/shi*t/", $comment);
    ?>

Thank you

Edited by Dareros, 17 September 2014 - 07:07 PM.

Hi, I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once I do

    $lastName = $_POST["lastname"];

$lastName comes back as: O\'Neill. Is there some way I can turn this off?

I am having trouble, because I am trying to enter a string, such as this into a database field:

    $string = "There's trouble ahead because they're silly.";

Of course, MySQL craps out because of the apostrophes. So I did this:

    $string = mysql_real_escape_string($string);

This is entered into the database, however it is entered as this: "There\'s trouble ahead because they\'re silly." I was wondering how I can enter apostrophes, without entering a backslash, because now when I pull the text from the DB and display it on a page, I get a backslash in front of all apostrophes. HELP! Please! Is the only way around this to add slashes, then use stripslashes() when displaying text??

This is something I've been trying to figure out for some time. I've read blogs and other forums and am still not clear.
Seems that when I pass a variable that has apostrophes in the variable, from a form page to the submit page and insert it into the MySql DB table, it inserts OK without any / before the apostrophe.
On the other hand on the same submit page, there is a select query from another table and there are variables with apostrophes. These queried variables keep the variables from the form page and the queried DB from inserting into a new table.
So I use mysql_real_escape_string () for the variables queried from the table to be inserted into the new table, don't use mysql_real_escape_string () on the variables passed from the form page, and everything inserts into the new table just fine. Displays with no forward slashes.
My confusion comes from when to use mysql_real_escape_string (), stripslashes () and htmlspecialchars().
Also in the reading I was doing, it looks like mysql_real_escape_string () is being replaced with mysqli_real_escape_string (), but when I tried to use it on a variable queried from the DB something like
    $username = mysqli_real_escape_string ( $s['username'] )

( $s being 'foreach ( $result as $s )' from the select query. Thanks in advance for shedding any light on this.

SQLITE has syntax like ' WHERE MATCH ( 'colname : "one two" )'

    //My pdo sql query
    $sql .= MATCH 'colname : "?" )';
    $pdo->bindValue(1,$text);`

But Pdo placeholders can't have quotes around them. So this does not work. I tried a million variations of the placeholder syntax "?" "" ? "" """ ? """ \" ? \" . But nothing works. Errors I get : General error: 1 near "?" | 25 column index out of range . Also for this query : MATCH ( names: ? AND categoryids: ? ) , the error is: `General error: 1 unrecognized token: ":"` Would really love some help here.. Thanks

Edited March 29, 2019 by requinix removing bad styling

I can use the first while loop, but there is no data in the second while loop. Is there a better way as I have never done this before...

Code:
    <?php
    $featured_results = mysql_query("SELECT * FROM products LEFT JOIN product_images ON products.product_id=product_images.product_id WHERE products.product_featured='1' AND products.product_active='1' AND thumb='1'");
    $fa=0;
    while($featured_row = mysql_fetch_assoc($featured_results)) {
        $fthumb_result = mysql_query("SELECT image_name FROM product_images WHERE product_id='".$featured_row['product_id']."' AND thumb='1'");
        $fthumb = mysql_fetch_row($fthumb_result);
        if ($fa==0) {
            echo "\n<img id=\"home-slider-photo-".$fa."\" class=\"home-slider-photo preload\" src=\"/includes/getimage.php?img=".$fthumb[0]."&w=370&h=370\" alt=\"\" />";
        } else {
            echo "\n<img id=\"home-slider-photo-".$fa."\" class=\"home-slider-photo preload home-slider-photo-unsel\" src=\"/includes/getimage.php?img=".$fthumb[0]."&w=370&h=370\" alt=\"\" />";
        }
        $fa++;
    }
    echo "<div id=\"home-slider-photo-price\">";
    $fb=0;
    while($featured_row2 = mysql_fetch_assoc($featured_results)) {
        if ($fb==0) {
            echo "\n<div id=\"home-slider-photo-price-".$fb."\" class=\"home-slider-photo-price\">\n<span>only</span>$".$featured_row2['product_price']."\n</div>";
        } else {
            echo "\n<div id=\"home-slider-photo-price-".$fb."\" class=\"home-slider-photo-price home-slider-photo-price-unsel\">\n<span>only</span>$".$featured_row2['product_price']."\n</div>";
        }
        $fb++;
    }
    echo "</div>";
    ?>

Greetings, I'm looking for a way to pass a query string (from page1) as part of a query string (to page2) as a single key=>value pair. The idea is the use the query string to return the user to the previous page after the action has been completed.

    query results[page1]->view record/action selection[page2]->back to results[page1]

I'm sure someone has been down this path before. P.S. the script is all contained within one file, thus the filename.ext is already known. Thanks

Hi everyone, I used to know the function, but it was a very long time ago, for when you need to just extract a single value from a query... instead of having to use mysql_fetch_assoc in a while loop to build an array... e.g.

Code:
    $TheResultingFieldValue = mysql_fetch_SOMETHING(mysql_query("SELECT aField FROM aTable WHERE anotherField = 'aCondition'"));

I have a table that contains the schools in my system:

    schools
        id
        name
        location
        ...

Then, I have three tables that use the id of this table:

    schoolAdmins
        schoolID
    schoolContests
        schoolID
    students
        schoolID

When I go to delete a school from my system, I want to check to see if that school is connected to any of these three other tables first. This is what I tried (but obviously failed because I'm here) where I'm passing the query the $studentID in question:

    SELECT * FROM schoolAdmins, schoolContests, students
    WHERE (schoolAdmins.schoolID = $schoolID)
    OR (schoolContests.schoolID = $schoolID)
    OR (students.schoolID = $schoolID)

I'm really new to the concept of querying multiple tables in a single statement, so I'm just kind of guessing at this point. Thanks in advance.
Hey, I was wondering if there is a way to pull multiple rows at once using a list of unique identifiers. For example, I want to pull the rows with the IDs of 4,13,91 and 252. I know the WHERE part of this query is incorrect, but I'm putting it to hopefully help you guys understand what I'm looking for.

    $result = mysql_query("SELECT * FROM $table WHERE id='4' OR '13' OR '91' OR '252'");
    while($row = mysql_fetch_array($result)) {
        echo($row['name']);
    }

Or is the best way simply to do it one query at a time without a while statement? There could be as many as a few dozen records being pulled per page.

Here is my code:

    // Start MySQL Query for Records
    $query = "SELECT codes_update_no_join_1b" .
    "SET orig_code_1 = new_code_1, orig_code_2 = new_code_2" .
    "WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)";
    $results = mysql_query($query) or die(mysql_error());
    // End MySQL Query for Records

This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this???

Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1