shai1 Posted March 29, 2005

A while back I posted a question about how to deal with single and double quote marks in a string that I was trying to post back to a form field. I was told to use addslashes(). This seemed like it would be the answer to my questions, but now when I put it into practice I'm getting problems. Here is the code I'm trying to use...

    <input type=text name='headline' size=63 tabindex=13 value='<?php print addslashes($Headline); ?>'>

The problem is that with the code like this I'm getting a text field with a slash where my single quote should be and then everything else drops off.

Any thoughts on what I could do to correct my problem?

Thanks,
Dave

poirot Posted March 30, 2005

Don't use addslashes in this case. Change your code to:

    <input type=text name='headline' size=63 tabindex=13 value="<?php print $Headline; ?>">

Notice that I've changed the single quotes to double quotes. This will prevent the browser from "thinking" that value stopped where it shouldn't stop. Also, by using this, your $Headline string can't contain double quotes.

shai1 (Author) Posted March 30, 2005

That is the problem I have. The text in $Headline could contain either a single quote, double quote, both or neither. I need to be able to import and display the text in any case. If addslashes() doesn't work is there another option, or am I just using addslashes incorrectly?

Thanks,
Dave

QUOTE
> Don't use addslashes in this case. Change your code to:
>
>     <input type=text name='headline' size=63 tabindex=13 value="<?php print $Headline; ?>">
>
> Notice that I've changed the single quotes to double quotes. This will prevent the browser from "thinking" that value stopped where it shouldn't stop. Also, by using this, your $Headline string can't contain double quotes

shai1 (Author) Posted March 30, 2005

OK...I think I have figured out a little more about my problem. I have two simple pages, a form and then a page that prints the data entered into the form.

Page1

    <HTML>
    <BODY>
    <FORM ACTION='test2.php' METHOD=POST>
    <TEXTAREA NAME='test' COLS=46 ROWS=7 ></TEXTAREA>
    <input type='submit' name='submit' value='Pass Off!'>
    </FORM>
    </BODY>
    </HTML>

Page2

    <HTML>
    <HEAD>
    </HEAD>
    <BODY>
    <?php print $_POST['test']; ?>
    </BODY>
    </HTML>

If I enter text in the form that says...

    This is David's test text

When it is printed on the next page it looks like this...

    This is David\'s test text

It's like it is automatically doing the addslashes() function. Then by the time it gets to my database, everything after the \ is dropped. I have another site with very similar code and it works correctly...what am I missing here?

Thanks,
Dave

bbaker Posted March 30, 2005

    <HTML>
    <HEAD>
    </HEAD>
    <BODY>
    <?php print stripslashes($_POST['test']); ?>
    </BODY>
    </HTML>

shai1 (Author) Posted March 30, 2005

I tried your suggestion and it worked, but I'm frustrated that one time it worked without having to do this and now on this new site it doesn't. It makes me a little unsure of my results. I didn't have to do this with my other site.

It's also still not putting the data into the database correctly! ARRRHHHH!!

bbaker Posted March 30, 2005

QUOTE
> I tried your suggestion and it worked, but I'm frustrated that one time it worked without having to do this and now on this new site it doesn't. It makes me a little unsure of my results. I didn't have to do this with my other site.
>
> It's also still not putting the data into the database correctly! ARRRHHHH!!

Are you doing addslashes($_POST['test']) before putting it into the database?

shai1 (Author) Posted March 30, 2005

I've tried many combinations of addslashes() and stripslashes() and I'm still getting the same results.

bbaker Posted March 30, 2005

http://us4.php.net/manual/en/function.addslashes.php

"The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this."

shai1 (Author) Posted March 30, 2005

After pulling out a few more hairs and then reading your last message I realized you are correct. The slashes are already added to the string I get from my POST. So that was part of my confusion, but I'm still having a problem when I do the insert into the MySQL database. It drops everything starting where the ' was. I've determined it must be something different with the way I've configured this database vs. the other one I use where this works. I don't, however, have any idea what that change would be. Both databases are running on the same machine and I can't think of anything I would have done differently.

Anyone out there have any thoughts?

Dave

shai1 (Author) Posted March 30, 2005

I have now come to a conclusion about what the problem is. I've actually got three pages...the form is broken down into two input pages. I pass the info from the first page to the second where I'm putting the data into hidden form fields. Those are then passed with the new info from the second page onto the third page which actually adds the data into the database. What is happening is the data from the first page is getting double escape characters.

I wanted to code it this way so I wasn't having to "hit" the database as often. Is there a way I can make it work the way I already have it coded?

Thanks,
Dave

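An added example, not code from anyone in this thread, of the three-page flow described above: it shows the value picking up a second layer of slashes when every request is magic-quoted, and arriving in the database unchanged when nothing is escaped until the query binds it as a parameter. The function names, the news table and the in-memory SQLite database standing in for MySQL are assumptions; magic_quotes_gpc is simulated with addslashes() because the directive was removed in PHP 5.4.

```php
<?php
// Added example with constructed input; requires the pdo_sqlite extension.

// Hypothetical stand-in for one form POST: with magic_quotes_gpc on, PHP ran
// addslashes() over every posted value before the script saw it.
function simulate_request(string $posted, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($posted) : $posted;
}

// Page 2 writes the value into a hidden field; the browser decodes the
// attribute again before posting it on to page 3.
function hidden_field_round_trip(string $value): string
{
    $attr = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
}

// Runs page 1 -> page 2 -> page 3 and returns what ends up in the table.
function three_page_flow(string $typed, bool $magicQuotes): string
{
    $page2 = simulate_request($typed, $magicQuotes);
    $page3 = simulate_request(hidden_field_round_trip($page2), $magicQuotes);

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (headline TEXT)');

    // Bound parameter: the driver handles quoting, so no addslashes() here.
    $db->prepare('INSERT INTO news (headline) VALUES (?)')->execute([$page3]);

    return (string) $db->query('SELECT headline FROM news')->fetchColumn();
}

$typed = 'This is David\'s "test" text'; // constructed sample input

foreach ([true, false] as $magicQuotes) {
    $stored = three_page_flow($typed, $magicQuotes);
    printf(
        "magic quotes %-3s stored: %s (%s)\n",
        $magicQuotes ? 'on' : 'off',
        $stored,
        $stored === $typed ? 'matches what was typed' : 'differs from what was typed'
    );
}
```
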
poirot Posted April 3, 2005

Just a note: If you are trying to add them to a text field, use htmlspecialchars and htmlentities to convert the single and double quotes.

shai1 (Author) Posted February 24, 2006

QUOTE(poirot @ Apr 3 2005, 05:10 PM)
> Just a note: If you are trying to add them to a text field, use htmlspecialchars (http://www.php.net/htmlspecialchars) and htmlentities (http://www.php.net/htmlentities) to convert the single and double quotes.

This is exactly what I'm trying to do. Here is the situation...

Page one...Form Field for user to enter data. This data may have single quote, double quote, no quote or both quote marks.

I have magic_quotes off in my PHP.ini file and on the insert page I'm using addslashes() around the $_POST[item]. The data is being entered into the database correctly, but when I bring the data back to be displayed in the form field, it drops anything after the single quote mark. I've tried adding htmlspecialchars() and htmlentities, but neither are working. I'm adding htmlentities() around the data I receive from my select statement before I try and display it in a form text box.

BTW...I'm using PHP 5.1.2, Apache2 and MySQL 5.0.15

Please help! I'm pulling my hair out and I don't have much left to start with.

Thanks,
Dave

Squirrel*Salad Posted February 26, 2006

Here is what I do to stop faults like this. In a file called mainfile.php that is included on each page I have the following.

    /**
     * Disable magic_quotes_runtime
     */
    set_magic_quotes_runtime( 0 );

    /**
     * Addslashes to variables if magic_quotes_gpc is set to off
     */
    if ( !get_magic_quotes_gpc() ) {
        if ( is_array( $HTTP_GET_VARS ) ) {
            while ( list( $k, $v ) = each( $HTTP_GET_VARS ) ) {
                if ( is_array( $HTTP_GET_VARS[$k] ) ) {
                    while ( list( $k2, $v2 ) = each( $HTTP_GET_VARS[$k] ) ) {
                        $HTTP_GET_VARS[$k][$k2] = addslashes( $v2 );
                    }
                    @reset( $HTTP_GET_VARS[$k] );
                } else {
                    $HTTP_GET_VARS[$k] = addslashes( $v );
                }
            }
            @reset( $HTTP_GET_VARS );
        }
        if ( is_array( $HTTP_POST_VARS ) ) {
            while ( list( $k, $v ) = each( $HTTP_POST_VARS ) ) {
                if ( is_array( $HTTP_POST_VARS[$k] ) ) {
                    while ( list( $k2, $v2 ) = each( $HTTP_POST_VARS[$k] ) ) {
                        $HTTP_POST_VARS[$k][$k2] = addslashes( $v2 );
                    }
                    @reset( $HTTP_POST_VARS[$k] );
                } else {
                    $HTTP_POST_VARS[$k] = addslashes( $v );
                }
            }
            @reset( $HTTP_POST_VARS );
        }
        if ( is_array( $HTTP_COOKIE_VARS ) ) {
            while ( list( $k, $v ) = each( $HTTP_COOKIE_VARS ) ) {
                if ( is_array( $HTTP_COOKIE_VARS[$k] ) ) {
                    while ( list( $k2, $v2 ) = each( $HTTP_COOKIE_VARS[$k] ) ) {
                        $HTTP_COOKIE_VARS[$k][$k2] = addslashes( $v2 );
                    }
                    @reset( $HTTP_COOKIE_VARS[$k] );
                } else {
                    $HTTP_COOKIE_VARS[$k] = addslashes( $v );
                }
            }
            @reset( $HTTP_COOKIE_VARS );
        }
    }

This way I know all data has had slashes added. Then you only have to use stripslashes when displaying data and not when adding to the database.

shai1 (Author) Posted March 2, 2006

My problem now has more to do with the stripslashes function rather than addslashes. When I try and display the data back into the input field I get anything after the ' cut off because that is the character that encloses the data to be displayed. What do I do to solve this problem?

Thanks,
Dave

wickning1 Posted March 3, 2006

    <input type=text name='headline' size=63 tabindex=13 value='<?php echo htmlspecialchars($Headline, ENT_QUOTES); ?>'>

That doesn't solve your problem?

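An added example, not code from anyone in this thread: it writes a constructed headline into the single-quoted value attribute from the first post three ways and reads the field back through PHP's DOM parser, the way a browser would. addslashes() and htmlspecialchars() with ENT_COMPAT (the default before PHP 8.1) both leave the apostrophe in place, so the attribute ends there; ENT_QUOTES encodes it. The helper name value_seen_by_parser and the sample headline are assumptions, and the DOM extension must be loaded.

```php
<?php
// Added example with constructed input; requires the DOM extension.

// Build the input tag from the first post around an already-encoded value and
// return the value attribute an HTML parser recovers from it.
function value_seen_by_parser(string $encoded): string
{
    $html = "<input type='text' name='headline' value='" . $encoded . "'>";

    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

$headline = 'David\'s "big" day';       // constructed sample with both quotes

$candidates = [
    // SQL-style backslashes mean nothing to an HTML parser.
    'addslashes'                  => addslashes($headline),
    // Encodes " but not ', so a '...' attribute still ends at the apostrophe.
    'htmlspecialchars ENT_COMPAT' => htmlspecialchars($headline, ENT_COMPAT, 'UTF-8'),
    // Encodes both quote characters; safe for either attribute delimiter.
    'htmlspecialchars ENT_QUOTES' => htmlspecialchars($headline, ENT_QUOTES, 'UTF-8'),
];

foreach ($candidates as $label => $encoded) {
    $seen = value_seen_by_parser($encoded);
    printf(
        "%-28s %-7s field shows: %s\n",
        $label,
        $seen === $headline ? 'intact' : 'BROKEN',
        $seen
    );
}
```
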
kenrbnsn Posted March 3, 2006

Here is a short script which does what you want:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    <title>Form Test</title>
    <style type="text/css">
    body, html { padding: 0; margin: 0; font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 100%; }
    .txtinp { width: 90%; }
    form { display: block; width: 90%; margin-left: auto; margin-right: auto; border: 1px solid red; padding: 0.5em; margin-top: 1em; }
    .sub { text-align: center; color: Red; font-weight: bold; }
    .fw { display: block; width: 100%; text-align: center; }
    .label { font-weight: bold; }
    .dispit { text-align:center;width:100%;display:block; }
    </style>
    </head>
    <body>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
    <span class="label">Input1: </span><input class="txtinp" name="input1" <?php if (isset($_POST['input1'])) echo 'value="' . htmlentities(stripslashes($_POST['input1']),ENT_COMPAT) . '"'; ?>><br>
    <span class="fw"><input type="submit" class="sub" name="submit" value="Test It"></span>
    </form>
    <?php
    if (isset($_POST['submit'])){
        echo '<pre>'.print_r($_POST,true).'</pre>';
        // Raw value, shown unescaped for comparison with the encoded one below
        echo 'Raw input: <br><span class="dispit" style="color:red;">' . $_POST['input1'] . "</span><br><br>\n";
        echo 'Input after applying stripslashes and htmlentities with the ENT_COMPAT option: <br><span class="dispit" style="color:blue;">' . htmlentities(stripslashes($_POST['input1']),ENT_COMPAT) . "</span><br>\n";
    }
    ?>
    </body>
    </html>

See it in action at http://www.rbnsn.com/examples/form_value_test.php

Ken