Hi, I'm trying to type in a name of a song into an input field, for example:
I'll Be Missing you

This field is captured through $_POST and set to a variable $title

I then update the table with this new title. Once it is updated, all that is shown in the data is:

I

The single quote, and anything after it is gone completely.
Here is my query. How can I change this so it includes the single quote and everything after it?

PHP Code:

$sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value";
        $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql); 


If more code is required to understand what I'm talking about, let me know.

You need to either escape the single quote or use double quotes around it.

PHP Code:

$title = 'I\'ll Be Missing you';
or
$title = "I'll Be Missing you"; 


Hey thanks for your post. I tried your method, but still having the same issue as mentioned before. I'm not getting any errors.

To further understand what is going on with my code, take a look at this
The page that allows me to change the name of the title is an admin page. This page lists all the rows in the database.

PHP Code:

function safe($value){
   return mysql_real_escape_string(stripslashes($value));
}
if (isset($submit)){

    // UPDATE USERS INFORMATION FOR ONLY THE ROWS THAT HAVE BEEN MODIFIED
    $user = $_POST['user'];
    foreach($user as $key=>$value)
    {
        $artist = safe($_POST['artist'][$key]);
        $title = safe($_POST['title'][$key]);
        $timesdownloaded = safe($_POST['timesdownloaded'][$key]);
        $lastdownloaded = safe($_POST['lastdownloaded'][$key]);
        $todaydownloads = safe($_POST['todaydownloads'][$key]);
        $location = safe($_POST['url'][$key]);
        $check = safe($_POST['check'][$key]);
        $artist = mysql_real_escape_string($artist);
        $title = mysql_real_escape_string($title);
        if(!$check=="check".$key){
        $sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
        $getusername = "SELECT artist FROM sheets WHERE id = $value";
        $getuserres = mysql_query($getusername);
        $getuserrow = mysql_fetch_assoc($getuserres);
        } 


Not sure why I'm still having an issue. Any ideas?

You need to escape quotes and your db column should be VARCHAR(n) type (n - number of maximum characters that can be put in that column)

Try echoing $title before inserting in a db, see the results.
Or try addslashes($title) instead of mysql_real_escape_string($title).

Hey, i tried echoing the title out, and after trying to type in:
I Don't Care

It echoed out:
I Don\'t Care

So this part seems to work correctly, however it doesn't show all of this once it updates the database.
It only shows:

I Don

I know the query updates the rows successfully, however it just doesn't display the single quote or anything after it.
Any other ideas?

What char-set is your table set to?

try utf8-unicode ( backup your db first to be safe.. )

OR just do it an odd way round..

Maybe use str_replace to replace the ' char with :hyphen:
Then on output use str_replace to replace :hyphen: with '

and display it normally again?

Its a horrible hack, but may work.


OR convert the ' to the html ascii http://www.ascii.cl/htmlcodes.htm

Quote:

Originally Posted by Smudly

Hey, i tried echoing the title out, and after trying to type in:
I Don't Care

It echoed out:
I Don\'t Care

So this part seems to work correctly, however it doesn't show all of this once it updates the database.
It only shows:

I Don

I know the query updates the rows successfully, however it just doesn't display the single quote or anything after it.
Any other ideas?

This is the correct solution to your problem but it has presented you with a further one. You need to use stripslashes() before you output the data to stop your new problem. Your original code is also vulnerable to attack without using addslashes. See SQL Injection, examples and prevention for more help and useful links.

Like mad_willsy said you need to use stripslashes($title), also it would be wise to check the database table it self with phpmyadmin for example just to be sure that your insert query is ok.

Thanks for all the suggestions everyone. Here is where I am at. The char-set is utf8-unicode. Once i type in the title:
I Don't Care
Inside the database it displays exactly how I typed it.
Displaying it is the issue now. I tried stripslashes around $title, but it displays as:
I Don

Here is my code that displays each row from my database.

PHP Code:

while($row = mysql_fetch_array($result))
  { 
      if(($ibg%2)==0){
        $bgcolor = "#f5f5f5";
    }
    else{
        $bgcolor = "#ccddff";
    }
 $hasdownloads = $row['timesdownloaded'];
  $dcolor = "#ffffff";
  $tcolor = "#ffffff";
  $inputbg = "#ffffff";
  $dlsbg = "#ffffff";
  $lastdownloaded = $row['lastdownloaded'];
  if ($hasdownloads>0){
  $dcolor = "#00cc00";
  $dlsbg = "#93db70";
  }
  else{
  $dlsbg = $bgcolor;
  }
  if ($lastdownloaded==$today){
  $tcolor = "#72a4d2";
  $inputbg = "#ccddff";
  }
  else{
    $tcolor = $bgcolor;
    $inputbg = $bgcolor;
  }
  if($row['artist']=="DELETE"||$row['title']=="DELETE"){
    $bgcolor = "#FE6A6A";
    $bgcolor = "#FE6A6A";  
  }

  echo "<tr>";
  echo "<td align='center' width='40' bgcolor='$bgcolor'><input type='hidden' name='user[".$row['id']."]' value='".$row['id']."' />" .$row['id']. "</td>";
  echo "<td align='center' width='200' bgcolor='$bgcolor'><input type='text' name='artist[".$row['id']."]' value='" .ucwords($row['artist']). "'  size='30' style='border: none; background-color: $bgcolor;'></td>";
  echo "<td align='center' width='130' bgcolor='$bgcolor'><input type='text' name='title[".$row['id']."]' value='" .ucwords($row['title']). "' style='border: none; background-color: $bgcolor;'></td>";
  echo "<td align='center' width='10' bgcolor='$bgcolor'><input type='text' name='timesdownloaded[".$row['id']."]' value='" .$row['timesdownloaded']. "' size='10' class='adminform' style='background-color: $dlsbg; border: none'></td>";
  echo "<td align='center' width='80' bgcolor='$bgcolor'><input type='text' name='url[".$row['id']."]' value='" .$row['url']. "' size='15' style='border: none; background-color: $bgcolor;'></td>";
  echo "<td align='center' width='10' bgcolor='$tcolor'><input type='text' name='todaydownloads[".$row['id']."]' value='" .$row['todaydownloads']. "' size='10' class='adminform' style='background-color: $inputbg; border: none'></td>";
  echo "<td align='center' width='20' bgcolor='$tcolor'><input type='text' name='lastdownloaded[".$row['id']."]' value='" .$row['lastdownloaded']. "' size='8' style='background-color: $inputbg; border: none'></td>";
  echo "<td align='center' width='10' bgcolor='$bgcolor'><a href='editsheets.php?delete=true&id=" .$row['id']. "' onclick='return show_delete()'>Delete</a></td>";
  
  
  
  echo "<td align='center' width='10' bgcolor='$bgcolor'><input type='checkbox' name='check[".$row['id']."]' style='background-color: $bgcolor;'></td>";  
  
  
  
  echo "</tr>";  
  $ibg++;
  } 


Sorry I know this is an old post not been on here for a while.

This issue is being caused because you need to either use attr="" for HTML attributes and escape double quotes in the title (replace " with \") or if you insist on using attr='' replace ' with \'.

There is no right way of doing this a str_replace may be easiest for you but other will argue addslashes is quicker and you can configure it to only escape the relevant types of quotes.

The ' in don't is being seen as the close of the attribute.

Hope this helps somebody if not the poster.

Jeez, guys, nobody's said anything about Magic Quotes?

Because they have been depreciated as of PHP 5.3

Quote:

Originally Posted by mad_willsy

Because they have been depreciated as of PHP 5.3

Exactly. That doesn't mean they're not on, though. This problem sounds an awful lot like magic_quotes, and seeing as the problem is unsolved (as far as I know) it might be that.

Plus, most of Smudly's replies are from this thread!