Re: [SQL] escaping the '

Eric J McKeown <ericm@palaver.net>

From: Eric McKeown <ericm@palaver.net>
To: Andy Lewis <alewis@mpsi.net>
Cc: pgsql-sql@postgreSQL.org
Date: 1998-05-22T22:41:10Z
Lists: pgsql-sql
On Fri, 22 May 1998, Andy Lewis wrote:

> Date: Fri, 22 May 1998 09:00:35 -0500 (CDT)
> From: Andy Lewis <alewis@mpsi.net>
> To: pgsql-sql@postgreSQL.org
> Subject: [SQL] escaping the '
> 
> I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
> 
> I have a table that has 16 text fields in it. I have a PHP form that allows a
> user to enter info into that field. When a user enters an ' as in " item's " the
> query will fail. I have played around with it and can execute the query without
> error if I escape the ' . Such as " item\'s "
> 
> Here's the big question:
> 
> Is there anyway other than doing a ereg_replace(); in PHP to get around this
> problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> I have no problem. I dont recall having this problem in the earlier version of
> Postgres.

If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
in that file.  If set to 1, that should escape such quotes automatically
when using GET or POST to send the contents of your form to a processing
script.  If you're not using a php3.ini file (assuming you're running the
Apache module version), you can use the php3_magic_quotes_gpc directive in
*.conf or .htaccess.  Run httpd -h for details on all the various php
directives available...

eric

> 
> As always, thanks in advance!
> 
> Andy
> 
> 
> 

***********************************************************
Eric McKeown				  ericm@palaver.net
Palaver 			     http://www.palaver.net	
332 N. Market St.		     Phone:  (219) 253-8131
Monon, IN 47959			       Fax:  (219) 253-6800 
***********************************************************