Hi I'm having some difficulty with escaping double quoutes from a string.
Here's my situation:
I get the the result set from the database then I apply utf8_encode to it because there's latin/accented characters and it return the string as it should be exept the double quotes in the begin and end of the string.
If in the DB I have: "Olá João" it returns: Olá João. The double quotes are ignored
$rs = mysql_fetch_array($query)
$text = utf8_encode($rs['l_reference']);
echo $text;
I tried using addslashes but without success.
I think its because "Olá João" is a multibyte string and you must use a different workaround for this. Try this one mb_addslashes
Related
I have a textbox where i can type double quoted words like: hello i am "steve" and i can successfully insert the string into my database after mysqli_real_escape_string
<textarea name="description"></textarea>
php below:
$text_data = $_POST['description']; // hello my name is "steve"
$final_text = mysqli_real_escape_string($this->conn,$text_data);
// the above without removing double quotes can be inserted into the db
but if it is single quotes and I convert to double quotes then it cannot be inserted.
$text_data = $_POST['description']; // hello my name is 'steve'
$final_text = str_replace("'",'"',$text_data);
$final_text = mysqli_real_escape_string($this->conn,$text_data);
so my questions are:
how come it works with double quotes? doesn't it needs to be removed or replaced with "/ something?
if the first case: double quotes work fine, then how come the second case when converted from single to double quotes cannot be inserted into the db?
Thanks a lot in advance
MySQL treats single quote as a string END. In order to INSERT string with single quotes you have to ESCAPE it as \'Hello World\'
This should work seamlessly
$text_data = "hello my name is \'steve\'";
A couple things..
First I would do some reading on the differences between the single quote and the double quote's behaviors. Just so going forward you have a basis for the differences between the two.
Secondly lets look at the logic of your code:
If I replace the single quotes in your code like your code suggest your statement will look like this:
"hello my name is "steve""
No lets look closly at what happens between " and steve.
"hello my name is " steve ""
The reason your query is failing, I believe is because steve is not quoted anymore.
Using prepared statement is really your best solution to the problem.
Hope that helps
UPDATED:
$text_data = "hello my name is 'steve'";
$final_text = str_replace("'",'\"',$text_data);
I use sprintf() on my program to output some tabs and newlines. I noticed a part of my program not working properly.
As I inspected the part that isn't working, I noticed that I used a single quote ' instead of a doublequote " and the program actually outputs a \t instead of a inivisible tab space.
I thought the two are similar and the reason for having two delimeters for php is for us to be able to insert single or doublequote in a string or echo them without inserting escape characters.
Would there be a difference in assigning variables aside from the one I discovered
$a = "qq";
$b = 'qq';
Would they be stored in the computer's memory in a different manner?
you can refer to the manual that specifies that single quotes in php consider most escape sequences as litterals, contrary ot double quotes:
http://php.net/manual/en/language.types.string.php
single quote is faster than double
double quote can parse php variable. i.e. $a=2; and if you use echo "a is: $a"; then it will print a is: 2 but single quote will print a is: $a
if you use single quotes for the format string (like you should do, since there
aren't any variable conversions to do as long as you don't need any special chars),
the given examples won't work because of the backslash before the $ (needs to be
escaped in double quoted strings - but not in single quoted!) http://php.net/manual/en/function.sprintf.php
$url = "What's up with "You doing this"";
$q = sprintf ("update user set url='%s'",$url);
pg_query ($db_conn, $q)
I want to insert everything into the database exactly as the user wants. I don't want to escape anything. The above would fail for me because of the quotes. I know single quotes have to go around the postgresql string (url='%s'). Since there are double quotes in my url string the query will not update because of it. I'm sure I could do a string replace for all double quotes and make them single quotes but what if the user really wants double quotes. And I cannot use string replace to put a backslash because according to the postgresql docs the slash will be deprecated soon (http://www.postgresql.org/docs/8.1/interactive/sql-syntax.html) plus that goes against inserting only what the user inputted.
What do people suggest I do?
Use pg_escape_string to escape quote characters in your string.
Use parametrized queries:
pg_query_params
(
$db_conn,
"UPDATE user SET url = $1",
array('What's up with "You doing this"')
);
escape your double quotes in the text like this
$url = "What\'s up with \"You doing this\"";
I have tried lots of things and could not get through yet. I have a json string with some single quotes, double quotes and some other characters which are causing an error when I am trying to iterate the json by converting in into an array.
The quotes are escapes using addslashes and are going correctly in the database. But when I am converting the string to array using json_decode and stripslashes it says invalid argument passed to for loop.
Please suggest.
Thanks in advance.
Do this on the quotes:
$str = htmlentities($str, ENT_QUOTES);
And they will get-off your way.
As I remember, you have to first escape the quotes in php, and then escape the quotes and slashes when you print the json_encode. So, for "\"text\"" the output has to be \"\\"text\\"\".
I know this sounds simple, and probably is, but I can't seem ot get this working. Just want to replace all occurences of a double quote with a single quote...tired this but it doesn't work:
$con = str_replace("\"", "'", $content);
Or:
$con = str_replace(chr(34), chr(39), $content);
What you do is correct and should work. If it doesn't, then you may only SEE double quotes, but in reality these are other characters. Possible is html " character rendered as ". There are also several chars very similar to double quotes. hey 'happen' especially when pasting text from word or openoffice. You'll include all possibilities in str_replace (it can take arrays of strings as parameters).
I had the same problem with input from a form.
I used &quot; for my search string and it worked great.
$con = str_replace("&quot;", "'", $content);