single quote replace by &#39; sql server php
up vote
0
down vote
I have a simple form to add a job title in an SQL db using PHP. When I'm adding a title with a single quote, in the db it is replaced by &#39;
The column in the db is a nchar(250).
Here's my code:
<?php
include('SQLFunction.php');
?>
<html>
<head>
<title>ITGen Title Creator</title>
<meta http-equiv=content-type content="text/html; charset=utf-8">
<link rel="icon" href="img/symbol.png">
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
</head>
<body>
<div class="container-fluid">
<nav class="navbar sticky-top menu border">
<a class="navbar-brand" href="index.php">Home</a>
</nav>
<img class="imageLogo" src="img/coveo-logo.png"/>
<h1 class="center">Create a new title</h1>
<br/><br/>
<form action="addTitle.php" method="POST" class="myForm">
<div class="container">
<div class="form-group row">
<label class="col-sm-1 col-form-label center">Title: </label>
<div class="col-sm-6 center">
<input class="form-control" type="text" name="Title" value="* | *" maxlength='250' required>
</div>
<div class="col-sm-5 center">
<button type="submit" name="addButton" class="btn btn-add">Add</button>
</div>
</div>
</div>
</form>
<br>
<hr align="center" size="5" width="90%" noshade>
<br>
<h1 class="center">All title</h1>
<?php
$sql = "SELECT *
from dbo.TITRE
order by name asc";
//echo '<br>Sql :' .$sql.'<br>We will comment this out after testing<br>';
$link = connectMSDB2();
$getResult = $link->prepare($sql);
$getResult->execute();
$result = $getResult->fetchAll(PDO::FETCH_BOTH);
echo "<div >";
echo "<table class=\"table table-hover tableTest\" style='width:85%; margin-left:auto; margin-right:auto;'>";
echo "<thead>";
echo "<tr>";
echo "<th>Action</th>";
echo "<th>ID</th>";
echo "<th>Title</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
foreach ($result as $row) {
$id = $row['id'];
echo "<tr>";
echo "<td><a href=\"#edit$id\" data-toggle=\"modal\"><button type=\"button\" class=\"btn btn-update\" data-toggle=\"modal\">Update</button></a>
<a href=\"#delete$id\" data-toggle=\"modal\"><button type=\"button\" class=\"btn btn-delete\" data-toggle=\"modal\">Delete</button></a></td>";
echo "<td>{$id}</td>";
echo "<td>{$row['name']}</td>";
echo "</tr>";
echo "<div class=\"modal fade\" id=\"edit$id\" tabindex=\"-1\" role=\"dialog\" aria-labelledby=\"exampleModalLabel\"
aria-hidden=\"true\">
<div class=\"modal-dialog modal-lg\" role=\"document\">
<div class=\"modal-content\">
<div class=\"modal-header\">
<h5 class=\"modal-title\">Update title {$row['id']}</h5>
<button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">
<span aria-hidden=\"true\">×</span>
</button>
</div>
<div class=\"modal-body\">
<form action=\"UpdateTitle.php\" method=\"POST\">
<div class=\"form-group row\">
<input type=\"hidden\" name=\"update_id\" value='{$row['id']}'>
<label class=\"col-sm-2 col-form-label\">Title: </label>
<div class=\"col-sm-10\">
<input class=\"form-control\" type=\"text\" value='{$row['name']}' name=\"Title\" maxlength='250' required>
</div>
</div>
</div>
<div class=\"modal-footer\">
<button type=\"button\" class=\"btn btn-delete\" data-dismiss=\"modal\">Close</button>
<button type=\"submit\" class=\"btn btn-update\">Update title</button>
</div>
</form>
</div>
</div>
</div>";
echo "<div class=\"modal fade\" id=\"delete$id\" role=\"dialog\">
<div class=\"modal-dialog\">
<form action=\"deleteTitle.php\" method=\"POST\">
<!-- Modal content-->
<div class=\"modal-content\">
<div class=\"modal-header\">
<h5 class=\"modal-title\">Delete task {$row['id']}</h5>
<button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">
<span aria-hidden=\"true\">×</span>
</button>
</div>
<div class=\"modal-body\">
<input type=\"hidden\" name=\"delete_id\" value='{$row['id']}'/>
<p>
Are you sure you want to delete: <br>
{$row['name']}
</div>
<div class=\"modal-footer\">
<button type=\"submit\" name=\"delete\" class=\"btn btn-delete\">Delete</button>
<button type=\"button\" class=\"btn btn-default\" data-dismiss=\"modal\">NO</button>
</div>
</div>
</form>
</div>
</div>
</div>";
}
echo "</tbody>";
echo "</table>";
echo "</div>";
$link = null;
?>
<footer class="page-footer font-small blue">
<div class="footer-copyright text-right py-3">
powered by: <img style="width:15%" src="img/machine_learning_icon.png">
</div>
</footer>
</div>
<script src="js/bootstrap.bundle.js"></script>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js"
integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49"
crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"
integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy"
crossorigin="anonymous"></script>
</body>
</html>
Here's the code to add the title in the db:
<?php
require_once('SQLFunction.php');
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
try {
$link = connectMSDB2();
$sql = "INSERT INTO dbo.TITRE(name)
VALUES (:title)";
$stmt = $link->prepare($sql);
$stmt->bindParam(':title', $title);
if($stmt->execute()){
$message = 'New Title added';
} else {
echo "<br>Error :" . $sql . "<br>" . implode(' ', $stmt->errorInfo()); // errorInfo() returns an array
}
} catch (Exception $e) {
$message = 'Unable to process request';
var_dump($e);
}
$link = null;
header("Location: indexTitle.php");
?>
What can I do to arrange this?
I've tried htmlspecialchars_decode but it doesn't work.
Thanks for your help
php sql-server special-characters
edited Nov 24 at 21:14
marc_s
asked Nov 19 at 20:58
Gabriel Fournier
2 Answers
up vote
2
down vote
You specifically told it to do that.
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
FILTER_SANITIZE_STRING will encode quotes by default.
You're binding the title value to a prepared statement, so you shouldn't need to filter it at all as far as the query is concerned.
You can store the value as submitted, but you should escape it with htmlspecialchars when you output it. If you want to prevent users from using HTML in titles, you can validate their input and if it contains unacceptable characters then show them an error without inserting anything.
edited Nov 19 at 21:25
answered Nov 19 at 21:12
Don't Panic
yes, FILTER_SANITIZE_STRING does FILTER_FLAG_STRIP_BACKTICK
– Brandon Nelson
Nov 19 at 21:13
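The approach from the answer above (store the submitted value through the bound parameter, validate instead of sanitizing, escape on output), as an added example that is not code from the post or its answers. It assumes the pdo_sqlite extension and uses an in-memory SQLite table in place of the question's SQL Server connection; validateTitle, addTitle, e and renderRow are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Added example. An in-memory SQLite database stands in for the question's
// SQL Server connection (connectMSDB2()); the table and column names follow
// the question, and the sample titles below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE TITRE (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

/**
 * Validate without rewriting: return the title unchanged, or null to reject.
 * 1-250 characters (the column is nchar(250)), valid UTF-8, no angle brackets.
 */
function validateTitle(string $raw): ?string
{
    $title = trim($raw);
    // With /u, preg_match() returns false on invalid UTF-8, so that is rejected too.
    return preg_match('/^[^<>]{1,250}$/u', $title) === 1 ? $title : null;
}

/** Store the value as submitted; the bound parameter keeps it out of the SQL text. */
function addTitle(PDO $pdo, string $raw): bool
{
    $title = validateTitle($raw);
    if ($title === null) {
        return false; // show the user an error instead of inserting
    }
    $stmt = $pdo->prepare('INSERT INTO TITRE (name) VALUES (:title)');
    return $stmt->execute([':title' => $title]);
}

/**
 * Escape at output time. ENT_QUOTES matters for this page: the edit form uses
 * value='...', and a title with an apostrophe would otherwise end the attribute.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one table row, escaping the title in both text and attribute context. */
function renderRow(array $row): string
{
    $id   = (int) $row['id'];
    $name = e($row['name']);
    return "<tr><td>{$id}</td><td>{$name}</td>"
         . "<td><input type='text' name='Title' value='{$name}' maxlength='250'></td></tr>\n";
}

// Constructed sample submissions: two valid titles, one with markup, one empty.
$submitted = ["Manager's Assistant", "Chef d'équipe | R&D", "<b>Lead</b>", ""];
foreach ($submitted as $raw) {
    $label = json_encode($raw, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    printf("%-24s %s\n", $label, addTitle($pdo, $raw) ? 'stored' : 'rejected');
}

// The database holds the raw apostrophe; entities appear only in the HTML.
foreach ($pdo->query('SELECT id, name FROM TITRE ORDER BY name') as $row) {
    echo 'db:   ', $row['name'], "\n";
    echo 'html: ', renderRow($row);
}
```

FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, and the same release made ENT_QUOTES part of the default htmlspecialchars flags; passing the flags explicitly keeps the behaviour identical on older versions.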
up vote
-1
down vote
Try htmlentities(); this will convert the single quote to the HTML entity, and while outputting back use html_entity_decode(): http://php.net/manual/en/function.htmlentities.php
answered Nov 19 at 21:10
Azharuddin Laskar