Обсуждение: Re: Re(2): Test (fwd)
you can use the addslashes() function. This will make O'Brien O\'Brien and the db will take it. In php4 this happens by default Tim. Timothy P. Maguire Web Developer II Harte-Hanks 978 436 3325 "Adam Lang" <aalang@rutgersinsur To: <pgsql-php@postgresql.org> ance.com> cc: Sent by: Subject: Re: Re(2): Test (fwd) pgsql-php-owner@post gresql.org 06/14/01 01:28 PM It could fluctuate on each database, so always check the appropriate documentation, but... the standard way usually is to double the apostrophe O'Brien would be O''Brien (the middle is two apostrophes, not a quote) Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com ----- Original Message ----- From: "Gary Hoffman" <ghoffman@ucsd.edu> To: <pgsql-php@postgresql.org> Cc: <aalang@rutgersinsurance.com> Sent: Thursday, June 14, 2001 1:12 PM Subject: Re(2): [PHP] Test (fwd) > aalang@rutgersinsurance.com writes: > > > >Plus, you have to make sure to check for apostrophes. That will break > >your > >SQL statement if someone typed them into the text field. > > > > Well, this caveat had never occured to me. So how does someone enter > strings with enclosed apostrophes, as in the Irish surname O'Mallory or > the Yemeni placename Sana'a? > > Gary > > ************************************************************************** > * Gary B. Hoffman, Computing Services Manager e-mail: ghoffman@ucsd.edu * > * Graduate School of International Relations and Pacific Studies (IR/PS) * > * University of California, San Diego (UCSD) voice: (858) 534-1989 * > * 9500 Gilman Dr. MC 0519 fax: (858) 534-3939 * > * La Jolla, CA 92093-0519 USA web: http://www-irps.ucsd.edu/ * > ************************************************************************** > > ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
> you can use the addslashes() function. This will make O'Brien O\'Brien and > the db will take it. In php4 this happens by default Not really by default, it's a configuration option to have that happen to data coming from forms. I forget the exact name of the parameter in the php.ini file, but it's something like magic_quotes_runtime or some such beast. Just an FYI..
Hello, You are right, just for clarity the directives mentioned before are: magic_quotes_runtime [on|off] = if it's turned on single and double quotes (' and ") will be escaped with a blackslash. Escaping is applied to every sourcewhich comes from outside of PHP -- in other words and more informally -- not genarated by your own script(such as dbor file read) - automagically. [also have a look at these functions: set_magic_quotes_runtime(int), int get_magic_quotes_runtime()] magic_quotes_sybase [on|off] = if it's *also* turned on PHP single quotes (') will be escaped with another ' instead of blackslash (\). It effects only if magic_quotes_runtime is turned on. Papp Gyozo - pgerzson@freestart.hu ----- Original Message ----- From: "Mitch Vincent" <mvincent@cablespeed.com> To: <pgsql-php@postgresql.org> Sent: 2001. június 15. 01:00 Subject: Re: [PHP] Re: Re(2): Test (fwd) > > you can use the addslashes() function. This will make O'Brien O\'Brien > and > > the db will take it. In php4 this happens by default > > Not really by default, it's a configuration option to have that happen > to data coming from forms. I forget the exact name of the parameter in the > php.ini file, but it's something like magic_quotes_runtime or some such > beast. > > Just an FYI.. > > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html