Replace text

[web_master]

Hi,

 

is some possibility, to replace "xxx" (double quotes) before put it into database?

 

Mean like "xxx" to „xxx” (to opened and the encosed - 0132 - 0148)

 

thanks in advanced!

 

text written with "" is disspear when put it into database

 

T

[gevans]

Use mysql_real_escape_string()

 

It will escape special characters like single and double quotes so that they can safely be put into the database

[web_master]

<?php 

if($_POST['sn_text_original_submit']) { // submit

$TextUpload = mysql_real_escape_string($_POST['area1']);
$TextUpload = str_replace("  "," ", $TextUpload);



	$query_update = mysql_query("UPDATE `sn_text`
	SET
		`sn_text_original` = '1',
		`sn_text_nadnaslov_original` = '".$_POST['sn_text_nadnaslov']."',
		`sn_text_naslov_original` = '".$_POST['sn_text_naslov']."',
		`sn_text_podnaslov_original` = '".$_POST['sn_text_podnaslov']."',
		`area1_original` = '".$TextUpload."'
	WHERE
		`sn_text_id` = '".$_POST['sn_text_id']."'
	");


	// Reload from dBase
$query_return = mysql_query("SELECT * FROM `sn_text` WHERE `sn_text_id` = '".$_POST['sn_text_id']."'");

// Check query
if(!$query_return){
	print mysql_error();
	exit;
}

// Request query
$request = mysql_fetch_array($query_return);

}
?>

 

its still dont work

[gevans]

print your query out to see what's actually happening, and add 'or die(mysql_error());' after the mysql_query()

[premiso]

You would need to do that for any text being input to your DB, so any POST that is not a numerical character should be mysql_real_escape_string.

 

If you want the quotes to "not" affect the query, you can do htmlentities on the code before inserting it into the DB, but escaping the data properly should work just fine.

[web_master]

before the text goes in to code

<?php 

   if($_POST['sn_text_original_submit']) { // submit
   
   $TextUpload = mysql_real_escape_string($_POST['area1']);
   $TextUpload = str_replace("  "," ", $TextUpload);
   
   
   
      $query_update = mysql_query("UPDATE `sn_text`
      SET
         `sn_text_original` = '1',
         `sn_text_nadnaslov_original` = '".$_POST['sn_text_nadnaslov']."',
         `sn_text_naslov_original` = '".$_POST['sn_text_naslov']."',
         `sn_text_podnaslov_original` = '".$_POST['sn_text_podnaslov']."',
         `area1_original` = '".$TextUpload."'
      WHERE
         `sn_text_id` = '".$_POST['sn_text_id']."'
      ");
      
      
      // Reload from dBase
   $query_return = mysql_query("SELECT * FROM `sn_text` WHERE `sn_text_id` = '".$_POST['sn_text_id']."'");

// Check query
   if(!$query_return){
      print mysql_error();
      exit;
   }

// Request query
   $request = mysql_fetch_array($query_return);
   
   }
?>

 

there is an form which "cach" the text:

 

<div><form action="<?php print $_SERVER['PHP_SELF'];?>" method="post" >
		<div style="text-align: center;"><input type="submit" name="sn_text_original_submit" value="SAČUVAJ" class="Button" /></div>
		<div><input type="hidden" name="sn_text_nadnaslov" value="<?php print $request['sn_text_nadnaslov'];?>" /></div>
		<div><input type="hidden" name="sn_text_naslov" value="<?php print $request['sn_text_naslov'];?>" /></div>
		<div><input type="hidden" name="sn_text_podnaslov" value="<?php print $request['sn_text_podnaslov'];?>" /></div>
		<div><input type="hidden" name="area1" value="<?php print mysql_real_escape_string($request['area1']);?>" /></div>
		<div><input type="hidden" name="sn_text_id" value="<?php print $request['sn_text_id'];?>" /></div>
		<div><input type="hidden" name="sn_text_broj" value="<?php print $request['sn_text_broj'];?>" /></div>
		<div><input type="hidden" name="reload" value="<?php print $_REQUEST['reload'];?>" /></div>
		</form></div>

 

on line where is the input:

 

<div><input type="hidden" name="area1" value="<?php print mysql_real_escape_string($request['area1']);?>" /></div>

 

the text is without quotes - BUT in database is there the quotes

 

so in input field loks like this: something \\ typed text

in database is: something \"\" typed text

 

 

I think the best solution will be for me, if I can replace the quotes "text" to „text”. Is some possibility to change the quotes to typographic quotes when inserted into database?

 

thanx

[premiso]

You only use mysql_real_escape_string on data going into the database, not when outputting it to the screen.

 

The whole point of that is to escape characters that will throw errors to MySQL.

 

Check of Magic Quotes is on, if it is I would disable it as it is being depreciated.

 

So the first code you posted, that updates the MySQL DB, on any "string" $_POST data you want to use that mysql_real... function to escape that data.

[grissom]

Have you tried ereg_replace with a regular expression in there to change the quotes over ?

 

Also, I'm not sure what your  $TextUpload = str_replace("  "," ", $TextUpload); statement is trying to do. Are you trying to strip out whitespace ?

[web_master]

Have you tried ereg_replace with a regular expression in there to change the quotes over ?

 

Also, I'm not sure what your  $TextUpload = str_replace("  "," ", $TextUpload); statement is trying to do. Are you trying to strip out whitespace ?

 

yes, I want to eliminate 2 spaces into 1 - I dont use a ereg_replace

[.josh]

Have you tried ereg_replace with a regular expression in there to change the quotes over ?

 

Also, I'm not sure what your  $TextUpload = str_replace("  "," ", $TextUpload); statement is trying to do. Are you trying to strip out whitespace ?

 

yes, I want to eliminate 2 spaces into 1 - I dont use a ereg_replace

 

Not really the point of this thread, but doing that str_replace would only replace two spaces with one.  What happens if there's 3+ spaces? It would be more practical to do something like this:

 

$TextUpload = preg_replace('~\s+~',' ',$TextUpload);

[web_master]

$TextUpload = preg_replace('~\s+~',' ',$TextUpload)

 

its great!!! thanks

 

I find on internet for a replace quotes:

SMARTYPANTS_SMART_DOUBLEQUOTE_OPEN

SMARTYPANTS_SMART_DOUBLEQUOTE_CLOSE

 

as I see its for a smarty, is any other way to replace quotes?

[web_master]

hi,

 

I find something to replace double quotes, BUT the first is dont work, and I dont know why? - dont change the dobuble quote on beginig of string, only change the double quote on end of string...

 

What Im doing wrong????

 

$TextUpload = preg_replace('[^"]','„',$TextUpload);

$TextUpload = preg_replace('["$]','”',$TextUpload);

 

thanx

 

[drisate]

why not just

$string = str_replace('"', 'WHAT EVER YOU WANA REPLACE THE QUOTE FOR', $string);

$string = str_replace("'", 'WHAT EVER YOU WANA REPLACE THE QUOTE FOR', $string);

[web_master]

why not just

$string = str_replace('"', 'WHAT EVER YOU WANA REPLACE THE QUOTE FOR', $string);

$string = str_replace("'", 'WHAT EVER YOU WANA REPLACE THE QUOTE FOR', $string);

 

Its not good solution, because if I use this, the output will be: ”string”, but I want „string” (different quotes at begin of string and diferent quotes at end of string)

[web_master]

:'(

[.josh]

hi,

 

I find something to replace double quotes, BUT the first is dont work, and I dont know why? - dont change the dobuble quote on beginig of string, only change the double quote on end of string...

 

What Im doing wrong????

 

$TextUpload = preg_replace('[^"]','„',$TextUpload);

$TextUpload = preg_replace('["$]','”',$TextUpload);

 

thanx

 

 

Okay if your entire string is

 

"something"

 

with start of quote at the beginning and end quote at the end of the string, you almost got the preg_replaces right.  You messed up by putting the stuff inside brackets, which makes character classes; not going to really explain to you what that means as you probably don't care, point is, remove the brackets.  The 2nd one only worked by happy coincidence.  The unintended side effect just happened to match what you wanted.  The preg_replaces would look like this:

 

$TextUpload = preg_replace('^"','„',$TextUpload); // replace " at beginning of string
$TextUpload = preg_replace('"$','”',$TextUpload); // replace " at end of string

[web_master]

hi,

 

well I dont know anymore what can I do, because its dont work for me...

 

the output is this: \"some text\”

 

as You see the first double quot is wrong but the double quote at end of word is OK.

 

When I write into textarea text like this "some text" and send it I want to back it like this: „some text” (without backslahes as You see: \"some text\”)

 

Im simplify the script to try it, but its dont work...

 

<?php 

	error_reporting(E_ALL);
	@ini_set('display_errors', '1');

if($_POST['submitbutton']) {

$TextUpload = $_POST['text'];


//print $TExt;


$TextUpload = preg_replace('[^"]','„',$TextUpload); // replace " at beginning of string
$TextUpload = preg_replace('["$]','”',$TextUpload); // replace " at end of string


print $TextUpload;
}


?>
<form action="<?php print $_SERVER['PHP_SELF'];?>" method="post">
<textarea name="text" cols="30" rows="6"><?php print $TextUpload;?></textarea>
<input type="submit" name="submitbutton" value="SENT" />
</form>

 

 

 

[.josh]

$TextUpload = stripslashes($_POST['text']);

 

and p.s.- I notice in your code you have a textarea.  Dunno if you're just doing that for testing purposes, but as I told you before, that preg_replace is only going to work if the entire string is the "..."  so if you enter in for example

 

blahblah "something" blahblah "blah" more blah

 

that preg_replace is not going to go through and replace those quotes.  I would suggest a regex pattern that could (mostly) do that, but I really have to wonder why you are trying to format your stuff before putting it into the database. 

 

Other than sanitizing, data should be stored in a database in as raw a format as possible, so that you don't restrict yourself when trying to use it later.  If you format it a certain way, it would be okay for displaying that one way you had in mind, but if you want to display it some other way somewhere else, you're going to have to turn around and reformat it.