Searching and Replacing Character Entities

I have been using TinyMCE as a WYSIWYG editor for getting content into
a database and then exporting that data into an XML format to render
in flash using CDATA. The problem is that I didn't realize that Flash
has a problem with character entities such as ' ” and a few
others. I need to search and replace these but I keep on getting a SQL

I get this error:
Query failed: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 's Web site and landing...', content = 'Check customer's Web
site and' at line 3

My update SQL command is simple:
UPDATE theTableName
SET content = 'the new content to be inserted'
WHERE id = '22'

My PHP config on the server is (I just thought to take a look at how
the server was set up):
magic_quotes_gpc = on
magic_quotes_runtime = off
magic_quotes_sybase = off

I echo'ed out the query and I still can't see the problem. The only
thing that I can think of is that the content has " in it and I'm doing
a search and replace on its character entity ” to change it to
the literal " but it ends up escaping those " to \" and it might end up
causing a problem in SQL. But see that sounds stupid to me so I'm not
too confident with that reasoning.

Here's the code in context as to what I'm doing currently
$newContent = str_replace($_POST['frmOldPhrase'],
$_POST['frmNewPhrase'], $srRow['content'], $contentCount);
$newTitle = str_replace($_POST['frmOldPhrase'], $_POST['frmNewPhrase'],
$srRow[$title], $titleCount);

$sqlUpdateFields = '';

if( $contentCount > 0 )
   $sqlUpdateFields .= "content = '".$newContent."'";
if( $sqlUpdateFields != '' )
    $sqlUpdateFields .= ", ";
if( $titleCount > 0 )
   $sqlUpdateFields .= "title = '".$newTitle."'";

$srUpdateSql = "UPDATE ".$table." SET ".$sqlUpdateFields." WHERE id =

That's the code I'm using. I'm stumped here. I tried addslashes()
around my content and that just added like 4 slashes because it was
escaping the already added slashes from having magic quotes on.

What am I doing wrong here??

Re: Searching and Replacing Character Entities


First of all, you should use mysql_real_escape_string() instead of  
addslashes() to prepare your statement for inserting.

Then echo your statement before you insert it and post the entire output  
of the echo (not some dummy data - it's important) here.

P.S. - is your id a numeric field?  If so, you should not have quotes  
around '22'.  But that isn't where the message is pointing.  You have  
another problem.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
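
An added example, not code from either poster: the same search-and-replace UPDATE written with PDO bound parameters, so text read back from the database (which magic_quotes_gpc never touches) cannot terminate the SQL string at an apostrophe. The `pages` table, the `replaceInRow` helper and the sample row are constructed for illustration, and an in-memory SQLite database stands in for MySQL (assumption: pdo_sqlite is available).

```php
<?php
// Added example: constructed data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, content TEXT)");
$pdo->prepare("INSERT INTO pages (id, title, content) VALUES (?, ?, ?)")
    ->execute([22, "Customer's site", "Check customer's Web site and &rdquo;landing&rdquo; page"]);

/**
 * Replace $old with $new in the title/content of one row.
 * Values travel as bound parameters, so quotes in the stored text
 * are never interpreted as part of the SQL statement.
 * Returns the number of replacements made.
 */
function replaceInRow(PDO $pdo, int $id, string $old, string $new): int
{
    $select = $pdo->prepare("SELECT title, content FROM pages WHERE id = ?");
    $select->execute([$id]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 0;   // no such row
    }

    $set = [];      // "column = ?" fragments; column names are fixed literals, never user input
    $params = [];   // values bound in the same order as the fragments
    $total = 0;
    foreach (['title', 'content'] as $column) {
        $updated = str_replace($old, $new, $row[$column], $count);
        if ($count > 0) {
            $set[] = "$column = ?";
            $params[] = $updated;
            $total += $count;
        }
    }
    if ($set === []) {
        return 0;   // nothing matched, so no UPDATE is issued
    }

    // implode() places commas only between fragments, whichever columns changed.
    $params[] = $id;
    $update = $pdo->prepare("UPDATE pages SET " . implode(', ', $set) . " WHERE id = ?");
    $update->execute($params);
    return $total;
}

echo replaceInRow($pdo, 22, '&rdquo;', '"'), "\n";
echo $pdo->query("SELECT content FROM pages WHERE id = 22")->fetchColumn(), "\n";
```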
