Thursday, June 14, 2012

escaping quotes in php

The TFD folks had trouble entering the TFD - they had copy-pasted the TFD into the data entry form which uses php, and on submitting it, got errors like
Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''In spiritual matters // snip

Guessed that this was due to unescaped quotes. Asked him to manually remove the quotes before submitting. It worked. But he was again stumped by an apostrophe which again caused hiccups. Checked with P and he changed the code from

//$singlequote= "\'";

//$replace_singlequote= "''";
//$messageposted = str_replace($singlequote,$replace_singlequote,$messageposted);

and so on to

messageposted = htmlspecialchars($messageposted);

No comments:

Post a Comment