
Apostrophe in form causing SQL problem


  • Apostrophe in form causing SQL problem

    In a form configured as unique record, if I put an apostrophe in a text field and save the form, it is saved (with the apostrophe), but after that, I go to the second record via the toolbar and then move back to the first record (the one with the apostrophe) and it does not work.
    If I remove the apostrophe, all is OK.

    Has anyone had that kind of problem?

    Thanks

    Sylvain

  • #2
    Originally posted by sdanigo
    In a form configured as unique record, if I put an apostrophe in a text field and save the form, it is saved (with the apostrophe), but after that, I go to the second record via the toolbar and then move back to the first record (the one with the apostrophe) and it does not work.
    If I remove the apostrophe, all is OK.

    Has anyone had that kind of problem?

    Thanks

    Sylvain
    Use the mysql_real_escape_string function as shown below...

    $item = "Zak's Laptop";
    $escaped_item = mysql_escape_string($item);
    printf("Escaped string: %s\n", $escaped_item);


    The above example will output:

    Escaped string: Zak\'s Laptop

    Comment


    • #3
      Hi, thanks for your response.
      I think that should be handled directly by SC.
      For me, it is a bug: it works in certain kinds of forms, not in others...

      If, each time we have a text field in a form, we have to "escape" it, otherwise it will probably crash, the "rapid web development tool on the market", as SC say on their web site, becomes rapidless.....

      So, please SC, it will be greatly appreciated if you fix that.

      Sylvain

      Comment


      • #4
        Originally posted by sdanigo
        Hi, thanks for your response.
        I think that should be handled directly by SC.
        For me, it is a bug: it works in certain kinds of forms, not in others...

        If, each time we have a text field in a form, we have to "escape" it, otherwise it will probably crash, the "rapid web development tool on the market", as SC say on their web site, becomes rapidless.....

        So, please SC, it will be greatly appreciated if you fix that.

        Sylvain
        I for certain would not allow each and every field to be escaped for everything. It depends on the use and thus it's up to the programmer to decide when or when not to use it. It's just how PHP works. Has nothing to do with SC imho.
        Albert Drent
        aducom software netherlands
        scriptcase partner, reseller, support and (turn-key) development
        www.scriptcase.eu / www.scriptcase.nl

        Comment


        • #5
          Originally posted by aducom
          I for certain would not allow each and every field to be escaped for everything. It depends on the use and thus it's up to the programmer to decide when or when not to use it. It's just how PHP works. Has nothing to do with SC imho.
          Hi,
          in that case, they have to be consistent: they do it (escape) or not.... But not do it when the form is that way, and not do it when the form is another way......

          For me that's a bug.

          Sylvain

          Comment


          • #6
            Originally posted by sdanigo
            Hi,
            in that case, they have to be consistent: they do it (escape) or not.... But not do it when the form is that way, and not do it when the form is another way......

            For me that's a bug.

            Sylvain
            I agree with Albert. It all depends on how you use it and not necessarily an SC problem. You would have a similar problem in any other tool. I have had to take care of string fields with quotes whether it is .NET or Java or any other tool for that matter. A string or a SQL statement with an apostrophe becomes an unclosed string because of the presence of that single 'quote'.
            It is up to you to close the string properly before the SQL statement is sent to the database. Otherwise it will result in syntax errors related to the string.

            Comment
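
The unclosed-string failure described in the posts above, as an added example that is not part of the original thread and is not Scriptcase's code. It uses PDO with an in-memory SQLite database and bound parameters rather than the escaping function from post #2; the `items` table and the functions `findByConcat` and `findByParam` are hypothetical names.

```php
<?php
// Added example: constructed table and data, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');

// Save path: the value is bound as a parameter, so the apostrophe
// is stored intact and never becomes part of the SQL text.
$insert = $db->prepare('INSERT INTO items (name) VALUES (:name)');
foreach (["Zak's Laptop", 'Plain item'] as $name) {
    $insert->execute([':name' => $name]);
}

// Read path A: the value is concatenated into the statement. An apostrophe
// in $name closes the string literal early and the statement no longer parses.
function findByConcat(PDO $db, string $name): string
{
    $sql = "SELECT id FROM items WHERE name = '$name'";
    try {
        $id = $db->query($sql)->fetchColumn();
        return $id === false ? 'not found' : "id $id";
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Read path B: the same lookup with a placeholder. The driver sends the
// value separately from the SQL text, so no manual escaping is needed.
function findByParam(PDO $db, string $name): string
{
    $stmt = $db->prepare('SELECT id FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $id = $stmt->fetchColumn();
    return $id === false ? 'not found' : "id $id";
}

// The plain value works on both paths; the value with an apostrophe
// only works on the parameterized path.
foreach (['Plain item', "Zak's Laptop"] as $name) {
    printf("%-14s concat: %s\n", $name, findByConcat($db, $name));
    printf("%-14s param:  %s\n", $name, findByParam($db, $name));
}
```

A record that saves correctly but fails when read back is consistent with one code path binding or escaping the value while another concatenates it, which is the inconsistency the thread is arguing about.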


            • #7
              Originally posted by kendsouza
              I agree with Albert. It all depends on how you use it and not necessarily an SC problem. You would have a similar problem in any other tool. I have had to take care of string fields with quotes whether it is .NET or Java or any other tool for that matter. A string or a SQL statement with an apostrophe becomes an unclosed string because of the presence of that single 'quote'.
              It is up to you to close the string properly before the SQL statement is sent to the database. Otherwise it will result in syntax errors related to the string.
              Well, I must be missing something.
              As we all know, a quote will result in problems with SQL. I know that.
              For a text field, we never know if the user will put a quote in, and we can't ask users not to do that.
              Of course, I can take care of all the text fields, but we are talking about a tool that is supposed to speed up the dev process; that kind of 'will happen' problem should be handled.
              So, in my opinion, for text fields, a procedure that takes care of that kind of problem must be there.
              Of course, as Albert says, I don't want all my fields to be processed, but text fields, YES.

              Do you have an example of a text field where you are sure that people never put a quote in? And if for some reason you have one, don't you think it should be that field that gets a manual process, instead of 99% of text fields?

              And by the way, that procedure is currently implemented by SC; the problem I'm talking about is that this is not consistent: in some kinds of forms (see my first post), it doesn't work. I was not aware of that, and so the problems appeared when one of my clients (how stupid he is) used a quote in a text field and all was messed up.

              I use SC and I'm satisfied at 80% (the worst thing, I think, is the support, the bugs introduced with releases and the time it takes the SC team to solve problems raised by their clients).

              I don't post to complain, but just to raise a point (I think) that could improve the product we use for our customers.
              Actually, of course, I escape all my text fields manually :-(

              Thanks

              Sylvain

              PS: I've put some quote in my response and I hope all will be ok........ That's a joke.....

              Comment


              • #8
                Well, I must admit that escaping multiline edit would be helpful. But I still think it's not a bug. However, a field property to enable/disable this (including one for escaping html) would be the best option imho.
                Albert Drent
                aducom software netherlands
                scriptcase partner, reseller, support and (turn-key) development
                www.scriptcase.eu / www.scriptcase.nl

                Comment
