[SOLVED] How to disable apostrophe in input field?

[inferium]

Heya everyone, I'm having a slight problem. I have a form that I want to disable apostrophes in when users input in a text box. Can anybody help me please? Thanks a bunch!!

[genericnumber1]

You could strip the apostrophes when they submit, error if they submit them, or use javascript to disallow submission if they have an apostrophe (you would still need a server-side check though). If you're just trying to secure a sql query or something similar to that though, just escaping it is the best way.

[kenrbnsn]

Why do you want to do this? If the reason is that they are causing problems when storing in a MySQL database, then you have to use mysql_real_escape_string on the values when storing them.

 

Ken

[inferium]

Ah thanks guys The reason is that it mysql errors when I try to submit the app. I'm using a csv database that this form feeds into. Do you think escaping it would be the best method? I've seen a few javascripts that disable commas and apostrophes, but apparently it's not cross-browser compatible all the time.

[dietkinnie]

Not sure if this is what you men but cant you use something like this ?

 

$text = 'The food's good'

 

$remove = preg_replace("/'/",'',$text);

 

$remove would display : 'The foods good'

[inferium]

does that work for input fields in a form as well? or just pre-determined text?

[dietkinnie]

does that work for input fields in a form as well? or just pre-determined text?

 

I think it should.

 

input.php

 

<html>
<body>

<form action="myform.php" method="post">
<p>Your Name: <input type="text" name="yourname" /><br />
</form>

</body>
</html>

 

myform.php

 

<html>
<body>

<?php
$fname =  $_POST['yourname'];
$remove = preg_replace('/"/','',$fname);

echo $remove;
?>

</body>
</html>

 

If you run input.php and enter the text 'John"Brown" for example, the output would be 'John Brown'.

[inferium]

ah sweet, thanks!

[premiso]

Alternatively, you could code properly for mysql and allow the use of apostrohes.

 

See mysql_real_escape_string as it will properly escape the right items to prevent mysql from causing a fuss over stuff.

 

<?php

if (isset($_POST['submit'])) { // given that your submit button is named submit
    $field = isset($_POST['field'])?mysql_real_escape_string($_POST['field']):null;

    // mysql items

}
?>

 

Just now that this is for textual data, if a numeric data you should verify it is numeric etc. But that would escape your field properly and allow you to store apostrophes without worry of an error.