Reputation: 2452
The main point is:
to allow a field in which quotes can be entered, they ask me to use the pg_escape_string function.
add1'skaka ==> add1''skaka
I mean, if we input add1'skaka ==> add1''skaka, the function will add one more quote.
But in the HTML, I don't want it to display two such quotes.
Do you have any idea?
Upvotes: 0
Views: 38
Reputation: 382716
> I mean, if we input add1'skaka ==> add1''skaka, the function will add one more quote. But in the HTML, I don't want it to display two such quotes.

You most likely have magic quotes turned on.
Upvotes: 0
Reputation: 474
pg_escape_string simply escapes your single quotes to allow strings to be safely stored in a PostgreSQL database. This needs to be done in order to avoid SQL injection attacks on your database. So yes, it will double a quote in your database, but when you pull this data out of the database again, the extra quote will be gone.
add1'skaka ==> add1''skaka
In your database, after a select, you will only see add1'skaka
See http://en.wikipedia.org/wiki/SQL_injection for more information about SQL injection and the threats it poses.
Or this: http://xkcd.com/327/ (Little Bobby Tables) =)
Upvotes: 2
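The round trip described in the answer above, as an added example that is not part of the original thread. It assumes SQLite (in memory) as a stand-in for PostgreSQL, since both use standard SQL quote doubling in string literals; `escape_literal`, the `addr` table, and the helper names are hypothetical. It also shows the case where the value is escaped twice, which is when a doubled quote really does end up stored and displayed.

```python
import html
import sqlite3


def escape_literal(value: str) -> str:
    """Stand-in for the quote doubling pg_escape_string performs (assumption:
    standard SQL string literals, which SQLite and PostgreSQL both use)."""
    return value.replace("'", "''")


def round_trip(conn, literal_body: str) -> str:
    """Insert via string concatenation (literal_body must already be escaped)
    and return what the database actually stored."""
    conn.execute("DELETE FROM addr")
    conn.execute("INSERT INTO addr (line) VALUES ('" + literal_body + "')")
    return conn.execute("SELECT line FROM addr").fetchone()[0]


def round_trip_param(conn, value: str) -> str:
    """Same insert with a bound parameter: no manual escaping at all."""
    conn.execute("DELETE FROM addr")
    conn.execute("INSERT INTO addr (line) VALUES (?)", (value,))
    return conn.execute("SELECT line FROM addr").fetchone()[0]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addr (line TEXT)")
    user_input = "add1'skaka"  # constructed sample input, taken from the question
    once = escape_literal(user_input)   # correct: escaped exactly once
    twice = escape_literal(once)        # bug: escaped a second time
    stored_once = round_trip(conn, once)
    return {
        "sql_literal": once,                          # what appears in the SQL text
        "stored_once": stored_once,                   # what SELECT returns
        "stored_twice": round_trip(conn, twice),      # doubled quote is now data
        "stored_param": round_trip_param(conn, user_input),
        "html": html.escape(stored_once, quote=True),  # escape for HTML at output
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key:13} {val}")
```

If the page shows two quotes, compare the value returned by SELECT with the raw input: a doubled quote in the stored value means the string was escaped more than once before it reached the query.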