Storing info with apostrophes in database and selecting with sql

[jamin84]

I set up a database to store information for a certificate course (title, description, objectives, date, location) and am retrieving the information to display on a web page. The description contains apostrophes and every forum I've looked at addresses the problem of inserting and selecting, but I just need to know how to store the information in order to select it without getting question marks in their places.

[rdivilbiss]

If you use MySQL prepared statements to insert and select information from the database, apostrophes will not be a problem or issue.

See: PHP MySql Prepared Statements Library in the ArticleWiki under PHP.

Otherwise you'll need to escape apostrophes before inserting the data into the database and unescape them before displaying the data on a web page.

[jamin84]

I looked at the PHP MySql Prepared Statements Library but couldn't put any of it to use.

I am using phpmyadmin to insert the data into the fields. I'm not sure how to use prepared statements to insert the data, can I edit the data directly somehow? How would I escape the apostrophes with phpmyadmin?

[VGR]

humm you're not very clear. Anyway if your problem lies in quotes (single quotes, because double quotes are theoretically not a problem in SQL), just do an addslashes() call before posting to the DB, and do a stripslashes() after reading. it's as simple as that. good practice anyway to do this on all string (eg, char, *text or varchar) columns.

[jamin84]

Thanks for replying, I hope to make it clearer!

I am not using any SQL directly to insert the data. I open the table and cut and paste the information all in phpmyadmin, so I don't know where I would invoke the addslashes function. I tried simply adding backslashes to the data (right before the single quote), fetching my query with php/sql and calling the stripslashes function when I captured the data which didn't work.

Furthermore, if I manually replace all the single quotes in phpmyadmin directly, it seems to fix the problem.

[VGR]

eactly. phpmyadmin si crap. I only use the console. phpmyadmin is crap. you can't specify the charset, skip-quotes etrc when performing a mysqldump(). Use standard tools. phpmyadmin is crappy. it doesn't even do an addslash(). phpmyadmin is sh**t

BTW, I have a script called "vgrdb.php" that you may find on my site, wgich I made before phpmyadmin even existed ; it automatically adapts to your server's data (databases, table layouts etc) and offers add/edit/delete functions.

I have an other one which is a freeform QBE (so it's a QB without the "E" ;) whose strnegth is the ability to work with oracle, mysal and/or sql-server all at the same time. pgsql was under work when I stopped.