How to handle quote characters in PHP?
As you know, Firebird escapes the single-quote (apostrophe) character in strings with another quote character. For example, to store the string "can't" in the database, you would write a query like this:

    INSERT INTO t1 VALUES ('can''t');

The same thing should be done in PHP when you supply values as strings (i.e. you build the entire statement as a string):

    ibase_query('INSERT INTO t1 VALUES (\'can\'\'t\')');

or

    ibase_query("INSERT INTO t1 VALUES ('can''t')");

If you have values in variables, you can escape them using str_replace:

    $cant = "can't";
    $cant = str_replace("'", "''", $cant);
    ibase_query("INSERT INTO t1 VALUES('$cant')");

Of course, using strings to build queries is not a very good idea. You should use parametrized queries, and then you wouldn't have to escape anything.

You probably knew all this; now on to the advanced stuff. When variables are supplied by the user through a form (via GET or POST), PHP might change them. For example, when the user types: can't into a form field, you might
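The parametrized form recommended above, written with the ibase extension's prepare/execute calls. This is an added example, not code from the original FAQ; the connection string, user name, FB_PASSWORD environment variable and sample values are assumptions, and t1 is taken to be the one-column table used in the statements above.

```php
<?php
// Assumed connection details (placeholders, not from the FAQ).
$db = ibase_connect('localhost:/path/to/example.fdb', 'app_user', getenv('FB_PASSWORD'));
if ($db === false) {
    exit('connect failed: ' . ibase_errmsg() . PHP_EOL);
}

// The statement text is fixed. The "?" marks where a value is bound,
// so no value is ever pasted into the SQL string.
$stmt = ibase_prepare($db, 'INSERT INTO t1 VALUES (?)');
if ($stmt === false) {
    exit('prepare failed: ' . ibase_errmsg() . PHP_EOL);
}

// Constructed sample values. Apostrophes are passed as plain data:
// they are not doubled by hand. The last value shows why doubling is
// now wrong: two apostrophes are stored as two apostrophes.
$values = ["can't", "O'Brien", "''"];

foreach ($values as $value) {
    // ibase_execute() returns false only on error; a successful INSERT
    // returns true or the affected row count.
    if (ibase_execute($stmt, $value) === false) {
        exit('insert failed: ' . ibase_errmsg() . PHP_EOL);
    }
}

ibase_commit($db);        // commit the default transaction of this link
ibase_free_query($stmt);  // release the prepared statement

// Read the rows back to confirm they were stored exactly as supplied.
$result = ibase_query($db, 'SELECT * FROM t1');
if ($result === false) {
    exit('select failed: ' . ibase_errmsg() . PHP_EOL);
}
while ($row = ibase_fetch_row($result)) {
    echo $row[0], PHP_EOL;
}
ibase_free_result($result);
ibase_close($db);
```

For a one-off statement, ibase_query() also accepts bind values after the query string, so the same "?" placeholder works without a separate prepare step.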