Well, I can't say it correctly, I'm sure the title is not what I meant, I just didn't know how to say it... But anyways, I inserted some text in a table in a dtabase, for SQL injection reasons, I stripslashed it or should I say "I used real_escape_string" But when I'm selecting and showing this text on a page, wherever there is a " ' " symbol, all the rest of the text is gone... Here is an example:
After inserting this text: "I'm really cool", when trying to put the text on a web page (with the select command), here is what I get: "I" I think it's because of the " ' " symbol, because when I take a look at the table, it's well written.
I hope you understand me. Thank you.

Member Avatar

Show the code you're using to echo the string. mysql_real_escape_string shouldn't cause you to have to use stripslashes. You mention that the DB entry seems fine.

So, here it is:

$text = "abcdef'ghijkl";

if (get_magic_quotes_gpc()) { // Check if magic quotes are enabled
    $new_text = stripslashes($text);
}else {
    $new_text = $connection->real_escape_string($text);
// Don't worry about $connection, it's personal, 
// just see that it first checks if magic quotes are enabled
// If so, it uses stripslashes,
// else, it uses real_escape_string

Now, when I check my table with phpmyadmin, everything is correct, it shows like that:

And when I want to display it on a page, it shows like that:

without the rest... is there a function that can make it display as it should be?

Member Avatar

I meant the code that you're using to echo the text out to the screen.

Lol, I'm sorry. I figured it out, when printing it out, I used:
<a href='somlink.com' title='".$cat_title."'>link</a>
So the " ' " in the $cat_title closed the attribute!
I don't usually come on forums to ask help, but that was so stupid and easy that I had to do it... :/
Thanks for trying to help.

Member Avatar

OK, mark question as solved (button below)