开发者

How to deal with the Irish (ex. O'Brien, O'Connor) after mysql_real_escape_string()?

开发者 https://www.devze.com 2023-03-20 03:14 出处:网络
I have a form that takes som开发者_运维技巧eone\'s name.It\'s a basic regex that only takes letters and apostrophes.So when I perform a mysql_real_escape_string() on the string Conan O\'Brien, Conan O

I have a form that takes som开发者_运维技巧eone's name. It's a basic regex that only takes letters and apostrophes. So when I perform a mysql_real_escape_string() on the string Conan O'Brien, Conan O\'Brien gets stored.

When I want to send an automated email out, it would be addressed to Conan O\'Brien in the body instead of Conan O'Brien.

How is the best way to do with this special case?

I was thinking I could remove the \ after performing the mysql_real_escape_string() and before inserting the person into the database. Or I could also leave the backslash in the database but remove it the backslash each time I send out an email.


I'd use stripslashes() when you wish to display it. You could strip the slashes right after you retrieve the user object but keep in mind if you output the name in javascript or HTML you may need to escape it again as it could cause unbalanced quotes.


The best solution would be to work with prepared statements, cause then no field-values have to be escaped. Later you htmlentiticize the mail body for example.

0

精彩评论

暂无评论...
验证码 换一张
取 消