PHP - Moved: Apostrophe In Verification String
This topic has been moved to PHP Regex.
http://www.phpfreaks.com/forums/index.php?topic=354362.0

Similar Tutorials

This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=353317.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=326004.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=321050.0

Hi guys, I wonder if somebody can help me? When a user enters details about themselves into a textbox and includes an apostrophe, when the profile is pulled from the MYSQL database the apostrophe is replaced with a \'
How can I get it so when the profile is viewed there is either no backslash
Thanks for any help
Regards
Rob

This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=330820.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=351099.0

I have the following code to search my database (obviously some of the surrounding code is not provided, but I hope this provides enough for me to be clear about my problem):

$sql="SELECT * FROM member_details WHERE state='$state' AND location='$locn' ORDER BY Surname, Given_name";
$result=mysqli_query($conn, $sql) or die("Error in selection -".mysqli_error($conn));
$numrows=mysqli_num_rows($result);
if($numrows==0) {
    echo "There are no members listed in this State/Territory/location.";
} else {
    while($row=mysqli_fetch_array($result)) {
        $surname=$row['Surname'];
        if (strstr($surname, "'")) echo "yes"; else echo "no";
    }
}

This works fine if I am searching for a surname that contains a letter such as "a". However when I search on the apostrophe, even though I know I have several surnames in the database which contain the apostrophe, I get a 'no' response for all of them. Thank you. Can anyone see what I am doing wrong here please or suggest a different approach?

I'm a little rusty on my PHP skills, so this (probably simple) problem has me stumped.
I have a search engine which retrieves from a database with titles, of which some of those titles have apostrophes within them. There can also be several authors for a single title, so I've set up this code to retrieve and give each author a different url to their page:

Code: [Select]
$select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());

However, whenever an apostrophe appears for the $title I get this error:

Quote
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Have Lemonade, Please' AND `year` = '2002' AND `category` = 'Lemon' AND `grou' at line 1

The full title is "I'll Have Lemonade, Please," and you can see where the problem lies. I've tried replacing the "`title` = '$title'" with "`title` = '%s'", but then none of the authors will appear. Anyone have any suggestions on how to fix this problem? Thanks in advance, and here's the full code:

Code: [Select]
<?php
if(isset($_POST['search'])) {
    $title = strtolower(strip_tags(mysql_escape_string($_POST['title'])));
    $author = strtolower(strip_tags(mysql_escape_string($_POST['author'])));
    $summary = strtolower(strip_tags(mysql_escape_string($_POST['summary'])));
    $category = strip_tags(mysql_escape_string($_POST['category']));
    $group = strip_tags(mysql_escape_string($_POST['group']));
    $rating = strip_tags(mysql_escape_string($_POST['rating']));
    $year = strip_tags(mysql_escape_string($_POST['year']));
    $terms = ''; // stays empty when no search term was entered
    $termsArray = array();
    if(!empty($author)) { $termsArray[] = "author LIKE '%$author%'"; }
    if(!empty($title)) { $termsArray[] = "title LIKE '%$title%'"; }
    if(!empty($summary)) { $termsArray[] = "summary LIKE '%$summary%'"; }
    if (count($termsArray) > 0){
        $terms = implode(" AND ", $termsArray);
        $terms = " WHERE ".$terms;
        unset($termsArray); //clear memory, cause we're finished using this.
    }
    $join = (empty($title) && empty($author) && empty($summary)) ? "WHERE" : "AND";
    $sql_category = ($category == 'all') ? "" : "$join `category`='$category'";
    if ($sql_category != ""){ $join = "AND"; }
    $sql_group = ($group == 'all') ? "" : "$join `group`='$group'";
    if ($sql_group != ""){ $join = "AND"; }
    $sql_rating = ($rating == 'all') ? "" : "$join `rating`='$rating'";
    if ($sql_rating != ""){ $join = "AND"; }
    $sql_year = ($year == 'all') ? "" : "$join year='$year'";
    $qSearch = "SELECT * FROM archives $terms $sql_category $sql_group $sql_rating $sql_year GROUP BY url ORDER BY title ASC, author ASC";
    $rsSearch = mysql_query($qSearch) or die(mysql_error());
    $end = '';
    if (mysql_num_rows($rsSearch) >= 2) { $end = 's'; }
    if (mysql_num_rows($rsSearch) == 0) {
        print '<p>Sorry, there were no results returned for your search. Please try again.</p>';
    } else {
        print '<center><p><b>'.mysql_num_rows($rsSearch).'</b> title'.$end.' found.</p></center>';
        echo '<ol>';
        while ($row = mysql_fetch_array($rsSearch)) {
            extract($row);
            // $title comes straight from the row here, so an apostrophe in it breaks this query
            $select_author = mysql_query("SELECT DISTINCT author FROM archives WHERE `title` = '$title' AND `year` = '$year' AND `category` = '$category' AND `group` = '$group' ") or die(mysql_error());
            $aut = "";
            while ($row3 = mysql_fetch_array($select_author)) {
                $aut .= "<a href=\"author.php?author={$row3['author']}\">{$row3['author']}</a> & ";
            }
            $aut = substr($aut,0,-3);
            $my_code = urlencode($title);
            $my_author = urlencode($author);
            echo '<li><a href="info.php?author='.$my_author.'&title='.$my_code.'">'.$title.'</a> by '.$aut.'</li>';
        }
        echo '</ol>';
    }
}
?>

Hi,
I have a website which uses apostrophes in merchant names (craig's) and product names (Fresh goat's).
If I try to click on the search pages using these names with an apostrophe then it displays the following error.
Error: SELECT * FROM merchant WHERE user_name='Major_Craig's_Chutney' && is_active='1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Chutney' && is_active='1'' at line 1
I tried to add an apostrophe in the php file of the merchant search but it still shows the same error or an empty page.
Can anyone help me with this?
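
The merchant lookup from the error message above, as an added example that is not part of the original post: the concatenated query beside a parameterised one. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so it runs offline; the function names and the sample row are constructed for illustration, and the table and column names are taken from the error text.

```php
<?php
// Added example, not code from the original posts.
// Assumption: PDO with in-memory SQLite replaces the MySQL server so the script
// runs offline; against MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample row using the merchant name from the error message.
$pdo->exec("CREATE TABLE merchant (user_name TEXT, is_active INTEGER)");
$pdo->exec("INSERT INTO merchant VALUES ('Major_Craig''s_Chutney', 1)");

$name = "Major_Craig's_Chutney";   // value as it arrives from the request

// Before: the value is pasted into the SQL text, so its apostrophe closes the
// string literal early and the rest of the name is parsed as SQL.
// (AND replaces the MySQL-only && of the original query.)
function findMerchantConcatenated(PDO $pdo, string $name): ?array
{
    $sql = "SELECT * FROM merchant WHERE user_name='$name' AND is_active='1'";
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        echo "Concatenated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// After: the SQL text holds only a placeholder; the value travels separately
// and is never parsed as SQL, whatever characters it contains.
function findMerchantPrepared(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM merchant WHERE user_name = :name AND is_active = 1'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

var_dump(findMerchantConcatenated($pdo, $name));
$row = findMerchantPrepared($pdo, $name);
// HTML-escape only at output time; the stored value keeps its plain apostrophe.
echo htmlspecialchars($row['user_name'], ENT_QUOTES, 'UTF-8'), "\n";
```

Because the bound value is stored and returned unchanged, no backslashes end up in the database and nothing needs stripslashes() on the way out.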
This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=320682.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=319445.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=358198.0

This topic has been moved quickly to PHP Regex because I need to go to work instead of lurking phpfreaks. http://www.phpfreaks.com/forums/index.php?topic=359460.0

Hi Friends, I am Anes. I want to ensure all surnames are uppercase in php. I use
$surname = ucfirst(strtolower($dataField));
How do I ensure that any names such as O'Brien don't result in O'brien? Thanks

Hi Guys, I have this PHP upload script below which uploads a customer's file into the customers folder and at the same time inserts the file path into the database. The problem is that for names like O'hare or O'neil it uploads into the customers folder but does not insert the file path into the database, probably because of the " ' " apostrophe. From the code below, is there any way I can deal with this issue? Thanks a lot

Code: [Select]
<?php
//This php block of code will take care of inserting the upload variables into the db
if(isset($_POST['submitbutton'])) {
    $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
    $target_path = $target_path . basename( $_FILES['upload']['name']);
    $manager= mysql_real_escape_string($_POST['username']);
    $upload = $_FILES['upload']['name'];
    $check_id = mysql_real_escape_string($_POST['id']);
    $submitbutton= mysql_real_escape_string($_POST['submitbutton']);
    if($submitbutton) {
        if($manager&&$upload) {
            if (file_exists($target_path)) {
                echo $_FILES["upload"]["name"] . " already exists. ";
            } else {
                move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);
                echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
                $insert=mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) ");
                // Where the file is going to be placed
                $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
                /* Add the original filename to our target path. Result is "uploads/filename.extension" */
                $target_path = $target_path . basename( $_FILES['upload']['name']);
                $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
                $target_path = $target_path . basename( $_FILES['upload']['name']);
                if (file_exists($target_path)) {
                    echo $_FILES["upload"]["name"] . " already exists. ";
                } else {
                    move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);
                    echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
                }
            }
        } else {
            echo "There was an error uploading the file, please try again!";
        }
    }
    header("location: mainupload_complete.php?id=$check_id");
}
?>

I am having trouble, because I am trying to enter a string, such as this, into a database field:
$string = "There's trouble ahead because they're silly.";
Of course, MySQL craps out because of the apostrophes. So I did this:
$string = mysql_real_escape_string($string);
This is entered into the database, however it is entered as this: "There\'s trouble ahead because they\'re silly." I was wondering how I can enter apostrophes, without entering a backslash, because now when I pull the text from the DB and display it on a page, I get a backslash in front of all apostrophes. HELP! Please! Is the only way around this to add slashes, then use stripslashes() when displaying text??

Note that my code still uses the old mysql query and I am aware of that. I want to migrate it to mysqli soon but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you
I've looked around the internet to find how to do this and I found two methods:
htmlspecialchars();
and
mysql_real_escape_string();
I wrapped my text in one of the two functions in order to pass text with an apostrophe in it to the database.
However I encountered a problem.
With mysql_real_escape_string, I got the desired effect that I want, but the problem is that the function also applies its effect to the html img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear.
With htmlspecialchars, again I got the desired function that I want, which is to pass an apostrophe into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and shows as plain html code.
What confuses me a lot is that it works fine inside my localhost.
Please help
Thank you!

This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=345200.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=345658.0

This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=322578.0