Thread

  1. escaping the '

    Andy <alewis@mpsi.net> — 1998-05-22T14:00:35Z

    I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
    
    I have a table that has 16 text fields in it. I have a PHP form that allows a
    user to enter info into that field. When a user enters an ' as in " item's " the
    query will fail. I have played around with it and can execute the query without
    error if I escape the ' . Such as " item\'s "
    
    Here's the big question:
    
    Is there anyway other than doing a ereg_replace(); in PHP to get around this
    problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
    I have no problem. I dont recall having this problem in the earlier version of
    Postgres.
    
    As always, thanks in advance!
    
    Andy
    
    
    
    
  2. Re: [SQL] escaping the '

    Eric J McKeown <ericm@palaver.net> — 1998-05-22T22:41:10Z

    On Fri, 22 May 1998, Andy Lewis wrote:
    
    > Date: Fri, 22 May 1998 09:00:35 -0500 (CDT)
    > From: Andy Lewis <alewis@mpsi.net>
    > To: pgsql-sql@postgreSQL.org
    > Subject: [SQL] escaping the '
    > 
    > I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
    > 
    > I have a table that has 16 text fields in it. I have a PHP form that allows a
    > user to enter info into that field. When a user enters an ' as in " item's " the
    > query will fail. I have played around with it and can execute the query without
    > error if I escape the ' . Such as " item\'s "
    > 
    > Here's the big question:
    > 
    > Is there anyway other than doing a ereg_replace(); in PHP to get around this
    > problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
    > I have no problem. I dont recall having this problem in the earlier version of
    > Postgres.
    
    If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
    in that file.  If set to 1, that should escape such quotes automatically
    when using GET or POST to send the contents of your form to a processing
    script.  If you're not using a php3.ini file (assuming you're running the
    Apache module version), you can use the php3_magic_quotes_gpc directive in
    *.conf or .htaccess.  Run httpd -h for details on all the various php
    directives available...
    
    eric
    
    > 
    > As always, thanks in advance!
    > 
    > Andy
    > 
    > 
    > 
    
    ***********************************************************
    Eric McKeown				  ericm@palaver.net
    Palaver 			     http://www.palaver.net	
    332 N. Market St.		     Phone:  (219) 253-8131
    Monon, IN 47959			       Fax:  (219) 253-6800 
    *********************************************************** 			  
    		                          
    
    
    
  3. Re: [SQL] escaping the '

    Anton Stckl <tony@cys.de> — 1998-05-25T10:09:42Z

    Eric McKeown wrote:
    
    > > I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
    > >
    > > I have a table that has 16 text fields in it. I have a PHP form that allows a
    > > user to enter info into that field. When a user enters an ' as in " item's " the
    > > query will fail. I have played around with it and can execute the query without
    > > error if I escape the ' . Such as " item\'s "
    > >
    > > Here's the big question:
    > >
    > > Is there anyway other than doing a ereg_replace(); in PHP to get around this
    > > problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
    > > I have no problem. I dont recall having this problem in the earlier version of
    > > Postgres.
    > 
    > If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
    > in that file.  If set to 1, that should escape such quotes automatically
    > when using GET or POST to send the contents of your form to a processing
    > script.  If you're not using a php3.ini file (assuming you're running the
    > Apache module version), you can use the php3_magic_quotes_gpc directive in
    > *.conf or .htaccess.  Run httpd -h for details on all the various php
    > directives available...
    
    Or you can alway escape the ' by another single quote -> select .. where
    value = 'item''s' ..
    
    -Tony
    
    -- 
    ----------C-Y-B-E-R-S-O-L-U-T-I-O-N-S----------------
    Anton Stöckl                    mailto:tony@cys.de
    CyberSolutions GmbH             http://www.cys.de
    Frankfurter Ring 193A           Phone +49 89 32369223
    80807 Muenchen                  Fax   +49 89 32369220
    ------W-E----M-A-K-E----I-T----P-O-S-S-I-B-L-E-------
    
    
  4. Re: [SQL] escaping the '

    engelbert gruber <engelbert.gruber@metasys.co.at> — 1998-05-27T08:37:55Z

    Andy Lewis wrote:
    
    > I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
    >
    > I have a table that has 16 text fields in it. I have a PHP form that allows a
    > user to enter info into that field. When a user enters an ' as in " item's " the
    > query will fail. I have played around with it and can execute the query without
    > error if I escape the ' . Such as " item\'s "
    >
    > Here's the big question:
    >
    > Is there anyway other than doing a ereg_replace(); in PHP to get around this
    > problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
    > I have no problem. I dont recall having this problem in the earlier version of
    > Postgres.
    >
    
    how about String Functions AddSlashes (RTFM)
    
    > As always, thanks in advance!
    >
    
    minimum sweat
    
    --
    ---------------------------------------------
     engelbert gruber
     METASYS Datentechnik
      - innsbruck/austria/europe
     email : Engelbert.Gruber@metasys.co.at
    
     webpg : http://www.metasys.co.at
    ---------------------------------------------