Jump to content

[SOLVED] single quotes getting overused and confusing


Recommended Posts

<td><input size='25' maxlength='255' name='title' type='text' value='You're the One for Me'/></td>

 

Hi

The code above is html generated from an SQL query. As you can see in the value field there is a ' single quote which is ending the value at YOU, not the whole song title. Can anyone suggest how to fix this. The SQL table has You're the One for Me successfully added to the record and I am using single and double quotes in the php to avoid confusion there like this

 

   echo( "<tr><td>Song Title</td><td>" . "<input size='25' maxlength='255' name='title' type='text'" . "value='" . $row["title"] . "'/>" . "</td></tr>" );

 

Thanks

Robert

Please excuse me if I am being dense but - I tried adding addslashes as you prescribed to the page that was displaying the truncated song title and what I then got was

 

You\

 

and the rest truncated becasue the html code returned was

<td><input size='25' maxlength='255' name='title' type='text' value='You\'re the One for Me'/></td>

 

I also thought maybe it was meant to make your data entry page put as slash before the ' but that wasnt it either.

I must be missing something here

 

Robert

Good Morning:

Well I tried as suggested I added slashes and stripped slashes and the title was still truncated and really I couldnt see how that would fix the problem. I do understand the idea behind slashes or escaping out characters that could be harmful if just anyone can add them to create an SQL statement rather than just adding data. However in this case the problem is really in the html statement, but I'm posting this in the SQL forum because it is a direct result of SQL.

 

When the song title YOU'RE THE ONE is displayed in say a table like this:

<tr><td>YOU'RE THE ONE</td></tr>

that is fine - no problem but

when it is displayed in a input tag like this:

<tr><td><input size='25' maxlength='255' name='title' type='text' value='You're the One'/>YOU'RE THE ONE</td></tr>

then the ' after YOU ends that field and the song title displays as YOU not YOU'RE THE ONE and this makes perfect sense - if I were writing this as HTML I would see that extra ' and remove it as a mistake.

 

The thing is even if I add and remove an escape slash that does not change the fact that the ' after YOU is still there and HTML-wise it is still a mistake. The only way I have temporarily fixed this is to use &#39; in the song title but it isnt very slick telling users to use &#39;

 

Does this long explanation change what anyone thinks is the right approach

 

Thanks

Robert

Hi

OK my problem with double quoting the song title value is that since this is written on the fly with this code

 

 

   echo( "<tr><td>Song Title</td><td>" . "<input size='25' maxlength='255' name='title' type='text'" . " value='" . $row["title"] . "'/>" . "</td></tr>" );

 

 

I would have to change it to ????. I can't see how to change this to make it write double quotes in the html without doing something like . " value="" . $row["title"] . ""/>" and the two double quotes would, I believe, get me in trouble too. Right? So is there another way of writing the code above to achieve the HTML that Barand is suggesting ie double quotes on the song title

 

Thanks

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.