problem with apostrophe

Question

I am using mysql with PHP. I have a problem with inserting the apostrophe value in database. However I use -

$newstring = str_replace("'","&apos;",$string);

OR

$newstring = str_replace("'","''",$string);

but how could I fetch the string as it is?

Thanks.

I'm confused by your question. Could you clarify 'fetch the string as is'? — switz, Jul 18 '11 at 13:00
Possible Duplicates: [How do you encode an apostrophe so that it's searchable in mysql?](http://stackoverflow.com/questions/620783/how-do-you-encode-an-apostrophe-so-that-its-searchable-in-mysql); [PHP Apostrophe and query string.](http://stackoverflow.com/questions/2951250/php-apostrophe-and-query-string) — hakre, Jul 18 '11 at 13:00
@user820561: Next to the problem you have to actually store the string (I assume you want to store it unchanged) to the database, you're probably even facing a SQL injection. You can store the string unchanged into the database by making use of the `mysql_real_escape_string` function instead of using your self-cooked `str_replace`. That's for what it has been made for. And it helps to prevent sql injections. — hakre, Jul 18 '11 at 13:09

score 4 · Answer 1 · answered Jul 18 '11 at 12:59

4

mysql_real_escape_string($string)

answered Jul 18 '11 at 12:59

Sarfraz

thanks for your suggesation. I used it, but while inserting it into table it inserts value as - abcd\'s , so while fetching string comes as it is abcd\'s. How can I avoid this? – SandyK Jul 18 '11 at 13:24
@user: While fetching, use `stripslashes` function :) – Sarfraz Jul 18 '11 at 15:45

score 2 · Accepted Answer · answered Jul 18 '11 at 13:00

2

you need to escape it, use addslashes() to sanitise it, or better yet, mysql_real_escape_string()

answered Jul 18 '11 at 13:00

Olipro

2 Answers2