Re: Re(2): Test (fwd)

From: "Mitch Vincent" <mvincent(at)cablespeed(dot)com>
To: <pgsql-php(at)postgresql(dot)org>
Subject: Re: Re(2): Test (fwd)
Date: 2001-06-14 22:57:43
Message-ID: 004601c0f525$8b7d3e90$0200000a@Mitch
Lists: pgsql-php

The apostrophe being a special character in PostgreSQL (and most other
databases), it needs to be escaped if you wish it to go nicely into a
query..
addslashes() and related functions will help there.

Another thing to keep in mind is htmlspecialchars() -- it's very useful
when someone might put a double quote in your form field -- which could
seriously mess up when you have something like <INPUT TYPE="TEXT"
NAME="Whatever" VALUE="this is what I'm "talking" about"> , sort of thing.

I missed the first post so please excuse me if I'm way off base.. Good
luck!

-Mitch

----- Original Message -----
From: "Adam Lang" <aalang(at)rutgersinsurance(dot)com>
To: <pgsql-php(at)postgresql(dot)org>
Sent: Thursday, June 14, 2001 1:28 PM
Subject: Re: Re(2): [PHP] Test (fwd)

> It could fluctuate on each database, so always check the appropriate
> documentation, but...
>
> the standard way usually is to double the apostrophe
>
> O'Brien would be O''Brien (the middle is two apostrophes, not a quote)
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Gary Hoffman" <ghoffman(at)ucsd(dot)edu>
> To: <pgsql-php(at)postgresql(dot)org>
> Cc: <aalang(at)rutgersinsurance(dot)com>
> Sent: Thursday, June 14, 2001 1:12 PM
> Subject: Re(2): [PHP] Test (fwd)
>
>
> > aalang(at)rutgersinsurance(dot)com writes:
> > >
> > >Plus, you have to make sure to check for apostrophes. That will break your
> > >SQL statement if someone typed them into the text field.
> > >
> >
> > Well, this caveat had never occurred to me. So how does someone enter
> > strings with enclosed apostrophes, as in the Irish surname O'Mallory or
> > the Yemeni placename Sana'a?
> >
> > Gary
> >
> >
> > **************************************************************************
> > * Gary B. Hoffman, Computing Services Manager e-mail: ghoffman(at)ucsd(dot)edu *
> > * Graduate School of International Relations and Pacific Studies (IR/PS) *
> > * University of California, San Diego (UCSD) voice: (858) 534-1989 *
> > * 9500 Gilman Dr. MC 0519 fax: (858) 534-3939 *
> > * La Jolla, CA 92093-0519 USA web: http://www-irps.ucsd.edu/ *
> > **************************************************************************
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
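
Added example, not part of the original messages: the two escaping contexts discussed in this thread (an SQL string literal and an HTML attribute value), run over the thread's own sample strings. The function names, the `people` table, and the `PGCONN` environment variable are assumptions made for illustration.

```php
<?php
// Added example; function names, the "people" table and PGCONN are hypothetical.

// Standard SQL literal quoting as described in the thread: double each apostrophe.
// Shown to make the rule concrete; with a live connection, prefer bound parameters.
function sql_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Bound parameters keep the value out of the SQL text entirely.
// $conn is a connection returned by pg_connect().
function find_person($conn, string $surname)
{
    return pg_query_params(
        $conn,
        'SELECT id, surname FROM people WHERE surname = $1',
        [$surname]
    );
}

// Escape a value for an HTML attribute; ENT_QUOTES covers both " and '.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs taken from the strings quoted in the thread.
$samples = ["O'Mallory", "Sana'a", 'this is what I\'m "talking" about'];

foreach ($samples as $s) {
    echo "input     : $s\n";
    echo "doubled   : " . sql_quote_literal($s) . "\n";
    // addslashes() emits \' instead of ''. With standard_conforming_strings on
    // (the PostgreSQL default since 9.1) a backslash is an ordinary character,
    // so \' does not escape the quote.
    echo "addslashes: '" . addslashes($s) . "'\n";
    echo 'html      : <INPUT TYPE="TEXT" NAME="Whatever" VALUE="'
        . html_attr($s) . "\">\n\n";
}

// Runs only when a connection string is supplied, e.g. PGCONN="dbname=test".
if (function_exists('pg_connect') && ($dsn = getenv('PGCONN')) && ($conn = pg_connect($dsn))) {
    $res = find_person($conn, "O'Mallory");
    echo $res ? "rows: " . pg_num_rows($res) . "\n" : pg_last_error($conn) . "\n";
}
```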
