Since I moved my blog to a new web server, the PHP version has jumped from 5.2 to 5.4. I previously wrote about changes from mysql to mysqli where I already replace some mysql queries by mysqli queries. But shortly after these obvious changes, I stumbled upon a bug in my comment form: The form didn't accept single quotes (') anymore. But I was pretty sure, this has worked before.
So I compared the same form on the old web server again:
On the PHP 5.2 server the insert of the comment immediately worked. The output of the entered comment text looked like this:
This is a test on a web server. It\'s PHP version is 5.2.
But on the PHP 5.4 server, the following error message was shown:
Fehlermeldung=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's PHP version is 5.4.','1379575549')' at line 3
After some research, I came across the function mysql_real_escape_string (or mysqli_real_escape_string for mysqli), which does the job of escaping special characters.
Right before the SQL insert, I added the following line to let the whole comment text getting parset by mysql_real_escape_string:
$iText = mysql_real_escape_string($iText);
The comment form now worked again and the output looked kind of familiar:
This is a test on a web server. It\'s PHP version is 5.4.
It's actually funny that this has worked in PHP 5.2 without mysql_real_escape_string.
Claudio from Switzerland wrote on Sep 19th, 2013:
Yes, the backslash is correct. This is how it is stored in MySQL.
Alexander from Zürich wrote on Sep 19th, 2013:
Sure that this is correct? You now have:
This is a test on a web server. It\'s PHP version is 5.4.
With a backslash "\" in front of the '.
Should it really be like this?
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java KVM Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder