1

I am trying to use txt file hosted at http://terriblytinytales.com/test.txt in php. I am saving all individual words in a database using mysql. I am using addslashes() function like this

$txtFile = addslashes(file_get_contents('http://terriblytinytales.com/test.txt'));

But after successfully saving in the database, the ' in the string I got by file_get_contents('http://terriblytinytales.com/test.txt') is not replacecd.

only the first ' in we're is replaced and others are same. Please help

crownedlake
  • 43
  • 4
  • How do you see which ones got replaces? And why do you need that? Can you share the **full** code you are using? – Nico Haase Mar 29 '18 at 14:37
  • 1
    Er... The `addslashes()` PHP function has very limited use cases and storing text into databases is definitively not one of them. What do you need slashes for? – Álvaro González Mar 29 '18 at 14:54
  • @NicoHaase I am using `alert()` in my front end code to see the string after using `addslashes()` I need to add slashed before ' so that I can save words with ' in my database without any problems link to see my code https://github.com/crownedlake/TTT/blob/master/scan.php – crownedlake Mar 29 '18 at 19:45
  • @ÁlvaroGonzález I need to remove any ' to store words on my database – crownedlake Mar 29 '18 at 19:49
  • Don’t use `addslashes` to sanitize database input! There are much better and safer ways! – Nico Haase Mar 30 '18 at 05:26
  • The question description (*after successfully saving in the database, the ' in the string […] is not replaced*) and the follow-up comment (*to remove any '*) contradict each other. But it's clear they correspond to an attempt to address SQL injection. Since this topic is surprisingly badly explained in PHP tutorials and it gets asked here in a daily basis I'll redirect to the reference question where this specific issue is widely covered. – Álvaro González Mar 30 '18 at 10:39

0 Answers0