Hi, guys. I am a third year student of Psychology from Unizik. I ve been battling with PHP lately. I could ve gone into normal mysql but some people advised me to go into PDO instead.
Now i have a problem that I cant seem to get over for the past 3 days.

what is the wahala? I am trying to mimic Seun (yes, I admire u') by creating a forum via tutorials and all. But i've ran into this - I CANT GET OUT DATA that has apostrophe " ' " from my MYSQL table. I have used htmlspecialchars to no avail.

What do i do?

Any Computer science programmer here can help me. The site is on a demo host http://infobreak./index.php .

This problem comes on when the user clicks on the like button for the comments.

I dont know if i structured this enough for anyone to understand....Just help me

That's possibly an SQL injection.
You need to sanitize your input.
Can you share a sample code?

This is for parsing it to a $_GET

<?php foreach ($resultf as $rowf)
{
$like= $rowf['liken'];
echo "<div class='blog-textM'>";
echo "<p class='centered'><div class='alert alert-warning-mine'><a href='getUser.php?t_user=".$rowf['t_user']."'><b>#".$rowf['t_user']."---</b></a>".$rowf['comment']." </p>";
$t = ('clike.php');
echo "<p class='goright'>";
echo "<span ><i class='fa fa-comment'><a href='getUser.php?t_user=".$rowf['t_user']."'>Yab </a></i></span>";
echo "<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i class='fa fa-heart'><a href='$t?comment=".htmlspecialchars($rowf['comment'], ENT_QUOTES, 'UTF-8')."'>&nbsp;$like&nbsp;</a></i></span>";
echo"</p>";
/// echo "<p></p>";
echo "<img src=".$rowf['upload']." class='img-circle-mine' alt=''>";

echo "</div></p>";
echo " <div> ";

echo "</div> </div>";
}

This is for the like button.

I intend this to insert a +1 value in like colum where the $_GET matches the comment

But it keeps throwing the error message: variable liken not defined.


$comment=$_GET['comment'];

/////

$sq = $conn->prepare("SELECT * FROM comments where comment = ? " );
$sq->bindParam(1, $comment);
$sq->execute();
$resultip=$sq->FetchALL(PDO::FETCH_ASSOC);
foreach ($resultip as $cm)
{
$liken = htmlspecialchars($cm['liken'], ENT_QUOTES | ENT_HTML5); ///aids the retrieval of results with ''
$dislike =$cm['dislike'];

}

$likez = $liken + 1;
$disli = $liken - 1;

Carefully read this...

https://www.nairaland.com/2963456/hello-house-lets-little-php

FrankLampard:
Carefully read this...

https://www.nairaland.com/2963456/hello-house-lets-little-php

Just did (most of my connections and select statements mirror ur explanation in the thread , data without apostrophes can display).....

but my wahala still remain. How do you retrieve data with special xters like apostrophe.

for e.g if a row contains Genny's birthday bash wasn't all that fun how do i get it to display as is without throwing an error.

kanayoNickel:


Just did (most of my connections and select statements mirror ur explanation in the thread , data without apostrophes can display).....

but my wahala still remain. How do you retrieve data with special xters like apostrophe.

for e.g if a row contains Genny's birthday bash wasn't all that fun how do i get it to display as is without throwing an error.

If you are sure the apostrophe exists by looking at it from your MySQL database using PHPMyAdmin, then htmlspecialchars($dataToEscape, ENT_QUOTES, 'UTF-8' false); should work.

there is a function in pdo called quote u can use it so d quote would stay that way

Normally data with apostrophe, should be escaped \' before inserting into the DB, just use PDO::quote, or you could str_replace and do the escape ur self.

I sometimes use this on the data before inserting

trim(strip_tags(stripslashes(htmlentities($input_data, ENT_QUOTES, 'UTF-8'))));