Обсуждение: Re: Re(2): Test (fwd)
you can use the addslashes() function. This will make O'Brien O\'Brien and
the db will take it. In php4 this happens by default
Tim.
Timothy P. Maguire
Web Developer II
Harte-Hanks
978 436 3325
"Adam Lang"
<aalang@rutgersinsur To: <pgsql-php@postgresql.org>
ance.com> cc:
Sent by: Subject: Re: Re(2): Test (fwd)
pgsql-php-owner@post
gresql.org
06/14/01 01:28 PM
It could fluctuate on each database, so always check the appropriate
documentation, but...
the standard way usually is to double the apostrophe
O'Brien would be O''Brien (the middle is two apostrophes, not a quote)
Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Gary Hoffman" <ghoffman@ucsd.edu>
To: <pgsql-php@postgresql.org>
Cc: <aalang@rutgersinsurance.com>
Sent: Thursday, June 14, 2001 1:12 PM
Subject: Re(2): [PHP] Test (fwd)
> aalang@rutgersinsurance.com writes:
> >
> >Plus, you have to make sure to check for apostrophes. That will break
> >your
> >SQL statement if someone typed them into the text field.
> >
>
> Well, this caveat had never occured to me. So how does someone enter
> strings with enclosed apostrophes, as in the Irish surname O'Mallory or
> the Yemeni placename Sana'a?
>
> Gary
>
>
**************************************************************************
> * Gary B. Hoffman, Computing Services Manager e-mail: ghoffman@ucsd.edu
*
> * Graduate School of International Relations and Pacific Studies (IR/PS)
*
> * University of California, San Diego (UCSD) voice: (858) 534-1989
*
> * 9500 Gilman Dr. MC 0519 fax: (858) 534-3939
*
> * La Jolla, CA 92093-0519 USA web: http://www-irps.ucsd.edu/
*
>
**************************************************************************
>
>
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
> you can use the addslashes() function. This will make O'Brien O\'Brien
and
> the db will take it. In php4 this happens by default
Not really by default, it's a configuration option to have that happen
to data coming from forms. I forget the exact name of the parameter in the
php.ini file, but it's something like magic_quotes_runtime or some such
beast.
Just an FYI..
Hello,
You are right, just for clarity the directives mentioned before are:
magic_quotes_runtime [on|off]
= if it's turned on single and double quotes (' and ") will be escaped with a blackslash. Escaping is applied to every
sourcewhich comes from outside of PHP -- in other words and more informally -- not genarated by your own script(such as
dbor file read) - automagically.
[also have a look at these functions: set_magic_quotes_runtime(int), int get_magic_quotes_runtime()]
magic_quotes_sybase [on|off]
= if it's *also* turned on PHP single quotes (') will be escaped with another ' instead of blackslash (\).
It effects only if magic_quotes_runtime is turned on.
Papp Gyozo
- pgerzson@freestart.hu
----- Original Message -----
From: "Mitch Vincent" <mvincent@cablespeed.com>
To: <pgsql-php@postgresql.org>
Sent: 2001. június 15. 01:00
Subject: Re: [PHP] Re: Re(2): Test (fwd)
> > you can use the addslashes() function. This will make O'Brien O\'Brien
> and
> > the db will take it. In php4 this happens by default
>
> Not really by default, it's a configuration option to have that happen
> to data coming from forms. I forget the exact name of the parameter in the
> php.ini file, but it's something like magic_quotes_runtime or some such
> beast.
>
> Just an FYI..
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html