Jump to content

Apostrophe messing with ajax results


jcg31

Recommended Posts

I am using some code that I have seen on a number of forums to search a database using ajax and return a result from the `ProspectName` field  (written by Amit Sarwara and apparently working fine for others)

 

.

All works fine until the name of the prospect contains an apostrophe.  Advice from another forum suggested using addslashes with the result

$theresult=addslashes($result->ProspectName);
echo <<<html
<li onClick="fill('{$result->ProspectName}','{$result->id}','{$result->assignedrep}','1');">{$theresult}</li>
html;

and while that added the slash it didn't resolve the issue.

 

the attachment to this post provides firebug's feedback.

 

Any help would be apprecitated.

Thanks,

Jim

 

 

 

Here is the code:

<?php
 
 // PHP5 Implementation - uses MySQLi.
 // Written by Amit Sarwara
 // mysqli('localhost', 'yourUsername', 'yourPassword', 'yourDatabase');
  
     $db = new mysqli('127.0.0.1', 'root' ,'', 'progadad');
 
 if(!$db) {
  // Show error if we cannot connect.
  echo 'ERROR: Could not connect to the database.';
 } else {
  // Is there a posted query string?
  if(isset($_POST['queryString'])) {
   $queryString = $db->real_escape_string($_POST['queryString']);
   
   // Is the string length greater than 0?
   if(strlen($queryString) >0) {
    
    // Run the query: We use LIKE '$queryString%'
    // The percentage sign is a wild-card, in my example of countries it works like this...
    // $queryString = 'Uni';
    // Returned data = 'United States, United Kindom';
    
    // YOU NEED TO ALTER THthE QUERY TO MATCH YOUR DATABASE.
    // eg: SELECT yourColumnName FROM yourTable WHERE yourColumnName LIKE '$queryString%' LIMIT 10
    
    $query = $db->query("SELECT id, ProspectName, prospectorFullName, assignedrep  FROM captureddata WHERE ProspectName LIKE '$queryString%' LIMIT 8");
    if($query) {
     // While there are results loop through them - fetching an Object (i like PHP5 btw!).
     while ($result = $query ->fetch_object()) {
      // Format the results, im using <li> for the list, you can change it.
      // The onClick function fills the textbox with the result.
      
      // YOU MUST CHANGE: $result->value to $result->your_colum
           
     
     echo <<<html
     <li onClick="fill('{$result->ProspectName}','{$result->id}','{$result->assignedrep}','1');">{$result->ProspectName}</li>
html;
            }
    } else {
     echo 'ERROR: There was a problem with the query.';
    }
   } else {
    // Dont do anything.
   } // There is a queryString.
  } else {
   echo 'There should be no direct access to this script!';
  }
 }
 
?>

post-148267-0-29461900-1367678419_thumb.jpg

Edited by jcg31
Link to comment
Share on other sites

you need to use htmlentities() on any "content" that you output that may contain characters that have meaning in the html/javascript context they are being output in.

 

I gave htmlentites a shot in the following manner.  Same result, what am I doing wrong?

$theresult= htmlentities($result->ProspectName,ENT_QUOTES);
echo <<<html
<li onClick="fill('{$result->ProspectName}','{$result->id}','{$result->assignedrep}','1');">{$theresult}</li>
html;
Edited by jcg31
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.