
You could strip the apostrophes when they submit, error if they submit them, or use JavaScript to disallow submission if they have an apostrophe (you would still need a server-side check though). If you're just trying to secure a SQL query or something similar to that though, just escaping it is the best way.

Ah thanks guys :) The reason is that MySQL errors when I try to submit the app. I'm using a CSV database that this form feeds into. Do you think escaping it would be the best method? I've seen a few JavaScripts that disable commas and apostrophes, but apparently it's not cross-browser compatible all the time.

does that work for input fields in a form as well? or just pre-determined text?

 

I think it should.

 

input.php

 

<html>
<body>

<form action="myform.php" method="post">
<p>Your Name: <input type="text" name="yourname" /></p>
<p><input type="submit" value="Submit" /></p>
</form>

</body>
</html>

 

myform.php

 

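<html>
<body>

<?php
// Read the submitted name; fall back to an empty string if the field is missing
$fname = isset($_POST['yourname']) ? $_POST['yourname'] : '';
// Strip every double quote from the value
$remove = preg_replace('/"/', '', $fname);

// Encode for HTML so submitted markup is displayed as text, not rendered
echo htmlspecialchars($remove, ENT_QUOTES, 'UTF-8');
?>

</body>
</html>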

 

If you run input.php and enter the text 'John"Brown" for example, the output would be 'John Brown'.

Alternatively, you could code properly for mysql and allow the use of apostrophes.

 

See mysql_real_escape_string as it will properly escape the right items to prevent mysql from causing a fuss over stuff.

 

<?php

if (isset($_POST['submit'])) { // given that your submit button is named submit
    // Needs an open mysql_connect() link; the mysql_* extension was removed in PHP 7.0
    $field = isset($_POST['field']) ? mysql_real_escape_string($_POST['field']) : null;

    // mysql items

}
?>

 

Just know that this is for textual data; if it is numeric data you should verify it is numeric, etc. But that would escape your field properly and allow you to store apostrophes without worry of an error.
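As an added example (not code from any poster in this thread), the sketch below keeps the apostrophe and handles it at each output: a bound parameter for SQL, fputcsv() for the CSV file, and htmlspecialchars() for the page. It swaps mysql_real_escape_string for a PDO prepared statement and uses an in-memory SQLite database so it runs without a server; the pdo_sqlite extension, the `applicants` table, the `age` field and the sample values are all assumptions.

```php
<?php
// Added example, not from the thread. Assumes the pdo_sqlite extension;
// table name, "age" field and sample values are made up for illustration.

// Constructed sample submission, standing in for $_POST.
$post = ['yourname' => "Conan O'Brien, Jr.", 'age' => '47'];

// Textual field: keep it as typed, apostrophe and comma included.
$name = trim($post['yourname'] ?? '');

// Numeric field: verify it is an integer in range instead of escaping it.
$age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 150]]);

if ($name === '' || $age === false) {
    exit("Invalid input\n");
}

// 1) SQL: the value travels as a bound parameter, never as query text,
//    so the apostrophe cannot end the string literal or cause an error.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applicants (name TEXT NOT NULL, age INTEGER NOT NULL)');
$stmt = $db->prepare('INSERT INTO applicants (name, age) VALUES (:name, :age)');
$stmt->execute([':name' => $name, ':age' => $age]);

$stored = $db->query('SELECT name FROM applicants')->fetchColumn();
var_dump($stored === $name); // did the name survive storage unchanged?

// 2) CSV: fputcsv() quotes fields that contain the delimiter or a double
//    quote, so the comma in the name does not split the column.
$fh = fopen('php://memory', 'w+');
fputcsv($fh, [$name, $age], ',', '"', '\\');
rewind($fh);
echo stream_get_contents($fh);   // the raw CSV line as written
rewind($fh);
$row = fgetcsv($fh, 0, ',', '"', '\\');
fclose($fh);
var_dump($row[0] === $name);     // did the name survive the CSV round trip?

// 3) HTML: encode only at the moment the value is written into a page.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

With a MySQL server, only the PDO connection string changes; the prepare/execute calls stay the same.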
