Hello everybody I want to avoid the errors that occur when I post a text that contain the ' sign and put it in a mysql query
someone told me that theres a function in php to do that
but I want to use it manually because he told me that this function doesnt allow much encoding types such as persian and arabic
I tried the following code:

require("database_connection.php"); //to handle the connection to the database
$GivenVar = str_replace("'","\\'",$GivenVar); //to replace the normal ' with \\' so that mySQL recognizes it as \' and works
mysql_query("insert into mytable(text) values('$GivenVar')",$my_connection);
echo 'Success!';

but there was no result and the message that says 'Success!' didnt appear!

6 Years
Discussion Span
Last Post by Pro2000

'someone' is wrong, sanitizing filters are smarter than that,

this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set[/b] then the entire string is rejected resulting in a 0-length string.

My bold, aware of character set, if you set correct encoding everything works http://php.net/manual/en/filter.filters.sanitize.php full description all the filters available (in english, the farsi links dont work)

Edited by diafol: fixed formatting


Thanx but ist wrong to use my code???
And whats wrong with my code why isnt it printing the required text???


I think you should change the second line from your code so it becomes:

$GivenVar = str_replace("'",'\'',$GivenVar);

Hope it helps.


Yes it works perfectly
but what about the use of it instead of the function Ive talked about???


Since you're trying to insert this text into a database, you can use the addslashes function like the following:

$GivenVar = addslashes($GivenVar)

This function puts slashes before the special characters like the single quotation mark so you avoid the manual use of the function you've written.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.