On Thu, 2009-10-22 at 21:32 -0400, PJ wrote:

> I have several input fields to update a book database. There seems to be
> a conflict in the way tags and text are input through php/mysql and
> phpMyAdmin. If I enter the data with phpMyAdmin the input fields in the
> php page see quotation marks differently than what is input in phpMyAdmin.
> example:
> if the data is input through the update form, single quotes cause an
> error. Double quotes update the db but when the edit(update) form
> displays the text for modification outside the input field except for
> the first part, precisely where the first quotation mark appears in the
> text - as below:
> *<b>Reviewed by <a href=*"mailto:recipi...@somewhere.com";>Recipient:
> blah, blah, blah...religion." _size="50" />_
> The text in square brackets is displayed outside the input field and
> includes part of the code at the end.
> bold is within the field, the rest is outside and the underlined is part
> of code.
> If the same text is entered with phpMyAdmin using single quotes and the
> &quot; characters, the display in the editing field shows correctly...
> but it will not update, that is, the update query generates errors and
> only accepts the double quotes within the tags.
> So, the question is, are there some kind of metacharacters to be used to
> have mysql accept the " ? I have triee backslashing, forward slashing
> and they don't do it.
> Or is there an encoding conflict here? It looks like a display and save
> mismatch somewhere...
> below is another example:
> <a
> href='http://www.amazon.com/exec/obidos/ASIN/0773468943/frankiesbibliogo'><IMG
> height=68 alt="Order This Book From Amazon.com"
> src="../images/amazon1.gif" width=90 border=0 /></a>
> The single quotes for the href seem to work. But the " does not work;
> and using &quot; or &rsquo;  also also do not display correctly; again,
> from "Order... the image is not displayed but only the image blank with
> "Order.. " in it.
> I'm rather puzzled.

Single quotes need to be escaped if you are using them as part of a
query. For example:

$query = "UPDATE table SET title='This is a title with \"quoted\"

Note that here, double quotes are used to encapsulate the whole query
string (as it is generally preferred this way), the value of the title
field is encapsulated in single quotes. Lastly, where I've wanted double
quotes to be used in the query, I've escaped them with a back-slash.
This escapes them from PHP, as mysql is using single quotes, so directly
in the query they're fine. The single quotes are also escaped with
back-slashes, but this time to escape them from mysql, as single quotes
are used as the string delimiters there.


Reply via email to