1

I tried asking this question a week ago but got no answer. Hoping to explain it better this time.

My customer can input anything into a textarea and I am saving that to a MySQL table.

how can I replace all of their apostrophes with a double apostrophe so I don't get a bad query?

I tried the following it didn't work.

$description = str_replace("''", "'", $description);
Parzi
  • 694
  • 2
  • 10
  • 33

2 Answers2

1

Hi Landon have you tried this 'mysqli_real_escape_string' function ?

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

exaple like below:

$link = mysqli_connect("localhost", "my_user", "my_password", "world");

$lastname  = "O'Reilly";
$_lastname =mysqli_real_escape_string($link, $lastname);

http://us3.php.net/mysql-real-escape-string

tradebel123
  • 435
  • 1
  • 5
  • 20
  • Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() – Parzi Dec 09 '17 at 09:07
  • 1
    looks like you are using latest version of php try this mysqli_real_escape_string() function instead @LandonCall – tradebel123 Dec 09 '17 at 09:14
  • Yup I just changed it to mysqli_real_escape_string() and just read that I needed to include my connection so the command was mysqli_real_escape_string($dbconnection, $description); – Parzi Dec 09 '17 at 09:19
0

I think you have problem with function.

str_replace(find, replace, string, count);

and for MySQL you should change all ' to '' so change your code as follow :

$description = str_replace("'", "''", $description);
Arash Hatami
  • 5,297
  • 5
  • 39
  • 59