Submit Your Article Forum Rules

Results 1 to 8 of 8

Thread: single quote in mysql record

  1. #1
    Senior Member
    Join Date
    Aug 2007
    Location
    Manitou Springs, Co
    Posts
    121

    single quote in mysql record

    What do I need to do to insert a record into a table that has a variable that contains a single quote " ' " ? When the varible contains a string such as "Tom's" ( $variable="Tom's" ) it does not insert into the table for me.

    Thanks,
    Randy
    Website design & development by Randy.

  2. #2
    WebProWorld MVP DaveSawers's Avatar
    Join Date
    Dec 2006
    Location
    Lunenburg, Nova Scotia, Canada
    Posts
    704

    Re: single quote in mysql record

    You have to escape the single quote, so if you're using PHP, something like:

    $query = "insert ... var='Tom\'s', ..."

    or using your example directly, you could alternatively use:

    $variable = "Tom's";
    addslashes($variable);

    to do the same thing. addslashes is an internal PHP function: PHP: addslashes - Manual
    Dynamic Software Development
    www.activeminds.ca

  3. #3
    Member
    Join Date
    Oct 2005
    Posts
    37

    Re: single quote in mysql record

    Hi,

    Instead of addslashes() which means you then have to use stripslashes() when re-displaying it, I prefer to use mysql_real_escape_string() which drops it in without messing around with anything.

    Cheers,
    Niggles
    -------------------------------------------------
    World Music World - bringing the World's Folk Music Cultures Together
    http://www.worldmusicworld.com/
    -------------------------------------------------

  4. #4
    Junior Member
    Join Date
    Nov 2004
    Posts
    20

    Re: single quote in mysql record

    I always thought that addslashes() was functionally the same as mysql_real_escape_string(), but when niggles posted that, I Googled the subject a bit to find the actual difference.

    Turns out that there are some security benefits to mysql_real_escape_string():

    Chris Shiflett: addslashes() Versus mysql_real_escape_string()

    Although, some have posited that true security comes only from prepared statements:

    mysql_real_escape_string() versus Prepared Statements - iBlog - Ilia Alshanetsky

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Posts
    12

    Re: single quote in mysql record

    Whenever I receive data from an untrusted source I do a string replace and change a quote (') to a tick (`) character. Even if I forget to change it back later for display purposes, people get the idea anyway.

    If it is a trusted source of mine, it does not have a quote (') in the first place.

  6. #6
    Senior Member
    Join Date
    Aug 2007
    Location
    Manitou Springs, Co
    Posts
    121

    Re: single quote in mysql record

    Thanks for all the great information, just what I was looking for and more.

    Best Regards,
    Randy
    Website design & development by Randy.

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    13

    Re: single quote in mysql record

    nggles, you don't have to use strpslashes after usng addslashes unless you're dong t on user nput *and* you have magc quotes turned on. of course f magc quotes s turned on, apostrophes are already nserted correctly and addslashes s not needed (when dealng wth user data)

  8. #8
    Junior Member
    Join Date
    May 2011
    Posts
    1

    Why backslash is adding in MySql automatically?

    Why backslash is adding automatically in MySql database automatically if single or double quote?

    Example:

    'value' = '\value'\


    Please help me..

Similar Threads

  1. PHP, check if a record was inserted via MySQL...
    By morestar in forum IT Discussion Forum
    Replies: 20
    Last Post: 11-04-2009, 11:20 PM
  2. Looking for SEO Quote.
    By fulleffect in forum Items For Sale
    Replies: 2
    Last Post: 11-19-2008, 09:15 AM
  3. Quote of the ------------------------------> Day 5th Jan
    By JuniorOnline in forum The Castle Breakroom (General: Any Topic)
    Replies: 1
    Last Post: 01-05-2006, 03:17 AM
  4. Find-A-Quote.com
    By panther in forum Submit Your Site/Logo For Review
    Replies: 22
    Last Post: 08-01-2005, 12:49 PM
  5. Can I quote you on that? :)
    By wenwilder in forum The Castle Breakroom (General: Any Topic)
    Replies: 8
    Last Post: 11-21-2003, 12:57 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •