
How to take input from user with ' in it and then echo out to a webpage.



Hi guys, I am creating a simple page that takes input from the user in several text boxes and one text area. Then when you click on the submit button it stores that data into a MySQL database. In addition to this input page there will be a second page that shows the data that was stored in the database. It should be a simple project. The problem that I'm having is that when the user inputs data with ' apostrophes in it, it crashes my code. Whatever is after the ' apostrophe is disregarded, and the data doesn't show with the echo command.

 

I really don't know what to do. I tried using some addslashes and removeslashes functions but they did not work. Maybe I used them incorrectly. That is why I need help. Here is my code.

 

page that takes input: ( right now it is also the page that shows the data from the database. I will separate it later. )

 

 

<html>
<head>
<title>Tutorial Input</title>
</head>
<body link="blue" vlink="blue" alink="blue">
<h2> New Article </h2>
<br>
<form name="tutorial_form" method="post" action="inputarticle.php">

Title: <input name="tutorial_title" type="text"> Category: <input name="tutorial_category" type="text">
<br><br>
Content:<br>
<textarea rows='10' cols='90' name='tutorial_content'>
</textarea><br><br>
Tags:<br>
<textarea rows='5' cols='30' name='tutorial_tags'>
</textarea><br><br>
<input type="submit" value="Submit">

</form>
<br>
<hr>
<br>

<?php

// Connect to MySQL and select the database that holds the articles.
$con = mysql_connect("host","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("database", $con);

// List every stored article, sorted by title.
$result = mysql_query("SELECT * FROM tutorial_articles ORDER BY title");

while($row = mysql_fetch_array($result))
  {
  // The column values are concatenated straight into a single-quoted href
  // attribute, so a ' inside a title (or any other column) ends the
  // attribute early and the rest of the value is lost in the output.
  $link = "<a href='tutorialshow.php?id=" . $row['id'] . "&title=" . $row['title'] . "&category=" . $row['category'] . "&content=" . $row['content'] . "&tags=" . $row['tags'] . "' target='new'>" . $row['title'] . "</a>";

  echo $link . "<br>";
  }

mysql_close($con);
?>

</body>
</html>

 

Then the code that enters the data to the database is this.

 

<?php

// Raw form values, used exactly as submitted.
$a_title = $_POST["tutorial_title"];
$a_category = $_POST["tutorial_category"];
$a_content = $_POST["tutorial_content"];
$a_tags = $_POST["tutorial_tags"];

$con = mysql_connect("host","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("itdirectory", $con);

// The values are interpolated into the SQL text inside single quotes, so a
// ' in the input closes the literal early and the INSERT fails with a
// syntax error (the same mechanism that allows SQL injection).
$sql="INSERT INTO tutorial_articles (title, category, content, tags)
VALUES
('$a_title','$a_category','$a_content','$a_tags')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);
?>

<html>
<head>
<script type="text/javascript">
<!--
// Send the browser back to the form page after 3 seconds.
function delayer(){    window.location = "tutorialform.php"}
//-->
</script>
</head>

<body onLoad="setTimeout('delayer()', 3000)"><h2>Prepare to be redirected!</h2>

</body>
</html>

 

 

Then the last page is just the page that opens after someone clicks on the link that is displayed on the input/link page:

 

<?php

// Everything shown on this page comes straight from the query string.
$id = $_GET['id'];
$title = $_GET['title'];
$category = $_GET['category'];
$content = $_GET['content'];
$tags = $_GET['tags'];

?>

<html>
<head>
<title><?php echo $title; ?></title>
</head>

<body>

<?php

// The values are echoed without any encoding, so any HTML inside them is
// rendered as markup rather than displayed as text.
echo "<font size='5'>" . $title . "</font> - <font color='green' size='2'>" . $category . "</font><br><br>";

echo $content;

?>

</body>
</html>

 

Any help is welcome. Thanks in advance.

EDITed for CODE tags

Use the addslashes function to escape any characters that would screw it up...

 

// addslashes() puts a backslash before ', ", \ and NUL so the value can sit inside a quoted SQL string.
$a_title = addslashes($_POST["tutorial_title"]);
$a_category = addslashes($_POST["tutorial_category"]);
$a_content = addslashes($_POST["tutorial_content"]);
$a_tags = addslashes($_POST["tutorial_tags"]);

A ' has meaning in HTML and it will break the HTML on your page if you simply echo/output it. Any content that you output on a page (that is not intended to be HTML tags) needs to be passed through htmlentities() with the second parameter set to ENT_QUOTES.
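Added example (not code from the thread) that covers both replies above: it stores values containing apostrophes with a PDO prepared statement instead of addslashes(), and encodes each output context separately on the way out. It uses an in-memory SQLite database so it runs offline; against MySQL only the DSN changes. It assumes the link carries only the id and that the show page looks the row up by id, which differs from the thread's tutorialshow.php.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the thread's MySQL database; the columns follow tutorial_articles.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tutorial_articles (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT, category TEXT, content TEXT, tags TEXT)');

// Constructed sample input, as it would arrive in $_POST.
$post = [
    'tutorial_title'    => "Can't be working.",
    'tutorial_category' => "PHP & MySQL",
    'tutorial_content'  => "It's <b>not</b> \"bold\" here.",
    'tutorial_tags'     => "quotes, 'escaping'",
];

// SQL side: a prepared statement sends the values separately from the query
// text, so a ' in the data cannot end the string literal. Nothing is
// escaped by hand, so no stray backslashes are stored either.
$ins = $db->prepare('INSERT INTO tutorial_articles (title, category, content, tags)
                     VALUES (:title, :category, :content, :tags)');
$ins->execute([
    ':title'    => $post['tutorial_title'],
    ':category' => $post['tutorial_category'],
    ':content'  => $post['tutorial_content'],
    ':tags'     => $post['tutorial_tags'],
]);

// HTML side: encode for the context the value lands in. Text between tags
// and inside quoted attributes goes through htmlspecialchars() with
// ENT_QUOTES (so ' and " are both converted); query-string values are
// urlencode()d first.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
function article_link(array $row): string {
    $href = 'tutorialshow.php?id=' . urlencode((string) $row['id']);
    return "<a href='" . h($href) . "' target='new'>" . h($row['title']) . "</a>";
}

foreach ($db->query('SELECT * FROM tutorial_articles ORDER BY title') as $row) {
    echo article_link($row), "<br>\n";
    // The stored title is intact ("Can't be working.", no backslash) and the
    // <b> in the content is shown literally instead of being rendered.
    echo h($row['title']), ' - ', h($row['category']), "<br>\n";
    echo h($row['content']), "<br>\n";
}
```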

Ok, guys I tried the htmlentities() with the second parameter set to ENT_QUOTES like this:

 

$link = "<a href='tutorialshow.php?id=" . $row['id']
      . "&title=" . htmlentities($row['title'], ENT_QUOTES)
      . "&category=" . htmlentities($row['category'], ENT_QUOTES)
      . "&content=" . htmlentities($row['content'], ENT_QUOTES)
      . "&tags=" . htmlentities($row['tags'], ENT_QUOTES)
      . "' target='new'>" . htmlentities($row['title'], ENT_QUOTES) . "</a>";

 

echo $link . "<br>";

 

but I get this on the output for the title part (the part with the ' )

Can\'t be working.

 

It places that \ and I don't need that. Do I have to use that stripslash function now?

It places that \ and I don't need that. Do I have to use that stripslash function now?

 

Yes. Stripslashes will do the trick.

 

<?php
// Remove backslashes. stripslashes() returns the cleaned string rather than
// changing its argument in place, so assign the result back.
$somevariable = stripslashes($somevariable);
// Notes: http://php.net/manual/en/function.stripslashes.php
?>
