tags:

views:

57

answers:

2
Q: 

mysql character escaping single quotes

I'm inserting some HTML into a MySQL database table. But when I get it back, many characters are mangled. Two specific cases I noted are:

  1. the single quotes are getting converted to �,
  2. code that earlier read class='content-section developer-support' has got converted to developer-support\="" class="\'content-section"

I understand that its an escaping problem. I use mysql_real_escape_string on the field before I push it into the db.

What is the right way to avoid this problem?

source:

    $query = sprintf("insert into events (title, content) values('%s', '%s')",
            mysql_real_escape_string($this->title, $conn),
            mysql_real_escape_string($this->content, $conn)
    );

the text I'm talking about is inserted into the field content.

And yes, I do have magic_quotes enabled. I'll fix that.. thanks

A: 

I think you have magic_quotes enabled in your PHP configuration and also, seems, something is trying to clean your HTML. You need to show your source.

FractalizeR  2009-12-29 10:20:57
added source to my question
Here Be Wolves  2009-12-29 14:29:01
I removed magic_quotes_gpc. Now it works like a charm! :)
Here Be Wolves  2009-12-30 20:30:33
A: 

It might be worth mentioning that you should maybe look into using prepared statements with MySQLi or PDO. In an essence what you have displayed is pretty similar to executing a prepared statement and it negates the need to use mysql_real_escape_string on every bit of user supplied data. It also has the plus of being more secure and can provide better performance.

Also as noted magic_quotes was most likely your problem.

anomareh  2009-12-29 14:01:05

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL