MYSQL input data with double-quotes

This one really has me stumped.

I need to add or update a mysql table with a string that includes double
quotes. I use the addslashes() function to set the necessary escapes. This
works with INSERT. However, with UPDATE the string is truncated at the first
double-quote. (No problem with single-puote.)

This code works, no problem:

$line1=$_POST['item1'];
$line1=addslashes($line1);
mysql_query("INSERT INTO $tablename (info) VALUES('$line1') ") or
die(mysql_error());

With this code, the string is truncated when a double-quote is encountered.

$title1=$_POST['T1'];
$title1=addslashes($title1);
mysql_query("UPDATE $tablename SET info='$title1' WHERE id='1' ") or
die(mysql_error());

I would be very grateful for any explanation of this problem

Thanks, Robert

Robert [ Mi, 29 März 2006 02:42 ] [ ID #1251688 ]

Re: MYSQL input data with double-quotes

OOPS! Never mind, I finally figured it out. Nothing wrong with that code, it
was some other code.

Sorry for the bother,
Robert the novice

"Robert" <nospam [at] spamfree.com> wrote in message
news:EJkWf.34631$1Z5.26003 [at] tornado.texas.rr.com...
> This one really has me stumped.
>
> I need to add or update a mysql table with a string that includes double
> quotes. I use the addslashes() function to set the necessary escapes. This
> works with INSERT. However, with UPDATE the string is truncated at the
> first double-quote. (No problem with single-puote.)
>
> This code works, no problem:
>
> $line1=$_POST['item1'];
> $line1=addslashes($line1);
> mysql_query("INSERT INTO $tablename (info) VALUES('$line1') ") or
> die(mysql_error());
>
> With this code, the string is truncated when a double-quote is
> encountered.
>
> $title1=$_POST['T1'];
> $title1=addslashes($title1);
> mysql_query("UPDATE $tablename SET info='$title1' WHERE id='1' ") or
> die(mysql_error());
>
> I would be very grateful for any explanation of this problem
>
> Thanks, Robert
>
>

Robert [ Mi, 29 März 2006 04:32 ] [ ID #1251690 ]

Re: MYSQL input data with double-quotes

You should use mysql_real_escape_string() for the necessary escaping
caring also about the charset.

Regards.

--
Leonardo Armando Iarrusso - J2Be
www: http://www.J2be.com - e-mail: info[at]J2Be.com

J2Be [ Mi, 29 März 2006 12:39 ] [ ID #1251693 ]

Re: MYSQL input data with double-quotes

Thanks for the tip, Leonardo!

Robert

"J2be" <info [at] nospamj2be.com> wrote in message
news:442a6281$0$36931$4fafbaef [at] reader3.news.tin.it...
> You should use mysql_real_escape_string() for the necessary escaping
> caring also about the charset.
>
> Regards.
>
>
> --
> Leonardo Armando Iarrusso - J2Be
> www: http://www.J2be.com - e-mail: info[at]J2Be.com
>

Robert [ Do, 30 März 2006 01:31 ] [ ID #1253460 ]