How to deal with "Quotes" in PHP/SQL
Here are the key players:
htmlspecialchars($var)
mysqli_real_escape_string($dbc,$var)
addslashes($var)
$var is the string you are dealing with.
$dbc is the database connection you are using, e.g. $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_DATA) or die('Error connecting to MySQL server.');
Here is the How/Why:
htmlspecialchars($var) changes characters that have meaning in HTML into HTML entities (" becomes &quot;, ' becomes &#039;, < becomes &lt;, and so on).
This lets you print SQL results into HTML such as value="This isn't a "TEST"" without the embedded quotes ending the attribute early, and without having to change the quotes you use.
mysqli_real_escape_string($dbc,$var) adds a backslash \ in front of the characters that would otherwise break or end the SQL string literal (quotes, backslashes, NUL, newlines), so the value is read as data as it is entered into the database.
NOTICE: You MUST pass the $dbc or it will NOT work; the escaping depends on the character set of that connection.
addslashes($var) does basically the same thing as mysqli_real_escape_string($dbc,$var) but is not as hard core: it only backslashes single quotes, double quotes, backslashes and NUL, and it knows nothing about your database connection. If you are only printing to HTML for your own purposes and you know you will only need to handle a few characters like single and double quotes, this is fine, AND you don't need to remember the $dbc. DO NOT use it to push data into a DB; it isn't as reliable.
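Here are the three functions side by side on one constructed string, as an added example (not code from the original post). Each one is applied at the layer it belongs to: htmlspecialchars() on the way out to HTML, mysqli_real_escape_string() on the way into SQL, addslashes() shown only for comparison. The comments table and its body column are made up for the example, and the DB_* constants are the ones from the mysqli_connect() line above. ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags left single quotes alone. A prepared-statement version is included as well, because binding the value keeps it out of the SQL text entirely, so nothing needs escaping.

```php
<?php
// Added example, not from the original post. Shows where each function belongs.

$var = "This isn't a \"TEST\" <b>\\</b>";   // constructed sample input

// 1. On the way OUT to HTML: convert the characters the HTML parser cares about.
//    ENT_QUOTES makes sure ' is converted too (older PHP defaults skipped it),
//    and the charset is given explicitly so the function never has to guess.
function html_safe(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
echo '<input value="' . html_safe($var) . '">' . PHP_EOL;

// 2. On the way INTO the database: escape using the live connection, so the
//    escaping matches that connection's character set. This is why $dbc is required.
//    'comments' / 'body' are made-up names for the example.
function insert_comment(mysqli $dbc, string $text): bool {
    $escaped = mysqli_real_escape_string($dbc, $text);
    // The escaped value still has to sit between quotes inside the SQL string.
    $sql = "INSERT INTO comments (body) VALUES ('$escaped')";
    return mysqli_query($dbc, $sql) !== false;
}

// Same insert as a prepared statement: the value is bound as a parameter and is
// never part of the SQL text, so there is nothing to escape. Prefer this form.
function insert_comment_prepared(mysqli $dbc, string $text): bool {
    $stmt = mysqli_prepare($dbc, "INSERT INTO comments (body) VALUES (?)");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $text);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// 3. addslashes(): only ', ", \ and NUL get a backslash, with no knowledge of the
//    connection. Fine for quick local printing, not for anything that reaches SQL.
echo addslashes($var) . PHP_EOL;

// Only talk to a database if the DB_* constants from the connect line are defined.
if (defined('DB_HOST')) {
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_DATA)
        or die('Error connecting to MySQL server.');
    insert_comment($dbc, $var);
    insert_comment_prepared($dbc, $var);
    mysqli_close($dbc);
}
```

Note that the escaping is consumed by the SQL parser: what ends up stored is the original text, so when you read it back and print it, html_safe() is still required. The two escaping steps are for two different parsers and one never replaces the other.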