hi,
i am writing a program to send data to a php file to update a db in mysql. it seems that all my data works (even double quotes) but the single quotes do not work because my query looks like this:
=> update... set something = '$text'
now, because $text is surrounded by single quotes, i think the single quote in the data passed to $text conflicts with the ending single quote in the query. so i tried to
=> ereg_replace("'", "\'", $text)
but this make every single quote as \\' (i.e., it inserts two back slashes instead of one!))
i checked the php.net help and there are two functions (htmlspecialchars as well as htmlentities) but none of them is working!
please please help! what can i do now? what do you people do for inserting the data so that ____lesser than sign, greater than sign, double quote, single quote, ampersand____ can be inserted as well retrieved correctly? i think for the display side, htmlspecialchars() might work, but not for inserting or updating.
pls pls help! i am using PEAR db abstraction layer.
thanks!!
i am writing a program to send data to a php file to update a db in mysql. it seems that all my data works (even double quotes) but the single quotes do not work because my query looks like this:
=> update... set something = '$text'
now, because $text is surrounded by single quotes, i think the single quote in the data passed to $text conflicts with the ending single quote in the query. so i tried to
=> ereg_replace("'", "\'", $text)
but this make every single quote as \\' (i.e., it inserts two back slashes instead of one!))
i checked the php.net help and there are two functions (htmlspecialchars as well as htmlentities) but none of them is working!
please please help! what can i do now? what do you people do for inserting the data so that ____lesser than sign, greater than sign, double quote, single quote, ampersand____ can be inserted as well retrieved correctly? i think for the display side, htmlspecialchars() might work, but not for inserting or updating.
pls pls help! i am using PEAR db abstraction layer.
thanks!!