I have some articles in a MySQL database which I have inserted manually via WAMP/phpMyAdmin (I typed them in manually, rather than via an 'insert' statement). The problem is, that when I go edit the entry, again via WAMP/phpMyAdmin, I make changes and click save, but the changes aren't saved, they're ignored. I think this is happening because of the quotation marks, but it may also be related to the HTML which I'm included in the article (it's an article about HTML and therefore includes some <pre> tags, and some HTML inside the <pre> tags which is written using HTML entities.). Does anyone know the best way to enter quotation marks and HTML when typing manually, should I be using HTML entities for either the quotation marks of the HTML tags?

2 answers

Emily G 620

Yes. You should escape special characters with a backslash. Jack\'s car

If you are adding information within a php program you can use mysql_real_escape_string() or addslashes()

How to escape special characters

Answered about 8 years ago by Emily G
  • Thanks Emily. I knew about doing it via PHP and do use addslashes() / stripslashes() and mysql_real_escape_string() - but I thought that was just to get the values INTO the database, and that they wouldn't actually appear in the database, which they do if I type them in manually. That said, I can now edit my entry manually having escapes both single and double quotation marks, but now they appear in the output on my website. To complete the process, do I need to strip slashes when retrieving the value from the database? Edward Williams about 8 years ago
  • Yes, you do need to strip the slashes when retrieving the value. I think phpmyadmin just builds the query string which is why the data was not saved when the quotes were not escaped. Emily G about 8 years ago

I may have fixed it by placing a backslash before the quotation marks, but I'd appreciate some back-up if anyone agrees with this.

Answered about 8 years ago by Edward Williams