
Hi, I am using site generating software. I have a post that sends to a script, which is to transfer a text string into a diary table (Dsc=). However, a single ' anywhere in the post (i.e. don't, can't) and the operation fails. Can anyone tell me how I have to alter this code to stop this happening, please?

<?php
// Assemble the Dsc value first, then URL-encode it once as a whole, so an
// apostrophe, space or ampersand in any of the fields cannot break the query
// string (the original only encoded $row[29] and left the other fields raw).
$dsc = "<b>" . $row[29] . " Lead from: " . $row[27] . " - Job: " . $row[0] . " - "
     . $row[39] . " Notes: " . $row[18] . " - Obs: " . $row[26];
$url = "http://adddddd.com/addb/xx.php?Dsc=" . urlencode($dsc);

print "<td align=\"center\"><span id=\"Client_1_Diaryplus_value_" . $rowcount . "\">";
// htmlspecialchars() stops the URL and the link text from breaking the HTML attribute.
print "<a href=\"" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "\" target=\"_self\">"
    . htmlspecialchars($cellvalue, ENT_QUOTES, 'UTF-8') . "</a>";
print "</span></td>";
Dai13
  • Your 'site generating software' needs to escape the text before saving it to the database and then unescape or stripslashes when it retrieves the data for display. –  Jan 27 '18 at 15:47
  • I have searched and couldn't find the answer. I just wanted to know simply what I have to add to the above code to remove any ' contained in the text string, which is stopping it updating the column in the table; I do not need to unescape it after. For example, the post xxx.php?Dsc=He is a lovely man works and updates the diary, but he's a lovely man throws an error. – Dai13 Jan 27 '18 at 16:48
  • OK, looking at the answers for SQL injection, I will try to alter the receiving script rather than the post – Dai13 Jan 27 '18 at 17:04
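As an added illustration (not the asker's code and not taken from the question), this is what the receiving script mentioned in the last comment could look like if it stores Dsc with a PDO prepared statement, so an apostrophe is saved as data instead of breaking the SQL; the database name, table and column names (diary, dsc) and the credentials are assumptions.

```php
<?php
// Connection details are placeholders; adjust to the real database.
$pdo = new PDO(
    'mysql:host=localhost;dbname=addb;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_EMULATE_PREPARES => false]   // real server-side prepares
);

// Value passed by the generated link; PHP has already URL-decoded it,
// so "he%27s" arrives here as "he's".
$dsc = isset($_GET['Dsc']) ? (string) $_GET['Dsc'] : '';
if ($dsc === '' || strlen($dsc) > 1000) {
    http_response_code(400);
    exit('Dsc missing or too long');
}

// The pattern the question's symptom points to: building the SQL as a string.
// The apostrophe in "he's" terminates the literal and the INSERT fails,
// and any other SQL syntax in the value is parsed as part of the statement.
//   $pdo->exec("INSERT INTO diary (dsc) VALUES ('$dsc')");

// Parameterised INSERT: the text is sent separately from the SQL, so quotes
// and backslashes are stored literally and are never interpreted as SQL.
$stmt = $pdo->prepare('INSERT INTO diary (dsc) VALUES (:dsc)');
$stmt->execute([':dsc' => $dsc]);

// When the row is displayed later, escape for HTML rather than stripping
// characters on the way in; the stored diary entry keeps its apostrophe.
echo 'Saved: ' . htmlspecialchars($dsc, ENT_QUOTES, 'UTF-8');
```

Because the query and the value travel separately, no client-side stripping of ' is needed, which is also why the first comment's escape-then-unescape approach becomes unnecessary.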

0 Answers