markjgator Posted August 21, 2013 Share Posted August 21, 2013 I have a php program that displays data from a mysql database then updates then redisplays the record in the database. below is a snippet of my code in which I try to display quotes, but in addition to the quotes it inserts a '\' before the single or double quotes. Does anybody have any idea on what I need in order to correctly display and collect the data from an html input box. Thanks in advance. <? ... $Title = htmlspecialchars($Title, ENT_QUOTES); ### Property Title print "\n<p><TR><TD>Property Title:</TD><TD> <input type=\"text\" name=\"Title\" value=\"$Title\" maxlength=40 size=40></td></tr>"; ... ?> Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/ Share on other sites More sharing options...
requinix Posted August 22, 2013 Share Posted August 22, 2013 Does the data have slashes in your database? I'm guessing that it does... Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446231 Share on other sites More sharing options...
markjgator Posted August 22, 2013 Author Share Posted August 22, 2013 the database contains blah blah blah """ but the html form contains blah blah blah \"\"\" Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446238 Share on other sites More sharing options...
requinix Posted August 22, 2013 Share Posted August 22, 2013 Somewhere you're using addslashes() or some other function that adds slashes when it shouldn't be. Post the rest of your code. Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446254 Share on other sites More sharing options...
markjgator Posted August 22, 2013 Author Share Posted August 22, 2013 the whole code... <? $MLS = $_POST['MLS']; $page = $_POST['pagevalue']; // Create connection $con=mysqli_connect("","","",""); // Check connection if (mysqli_connect_errno($con)) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } echo "mls from POST variable is $MLS"; $result = mysqli_query($con,"SELECT * FROM tblListings WHERE MLS='$MLS'"); # Display MLS listings #load array for current record while($row = mysqli_fetch_array($result, MYSQLI_BOTH)) { $Title = $row[2]; $SalePrice = $row[3]; $City = $row[4]; $Zip = $row[5]; $TransType = $row[6]; $PropType = $row[7]; $Beds = $row[8]; $Baths = $row[9]; $Garage = $row[10]; $Sqft = $row[11]; $LivingSqft = $row[12]; $YrBuilt = $row[13]; $Propfeat1 = $row[14]; $Propfeat2 = $row[15]; $Propfeat3 = $row[16]; $Propfeat4 = $row[17]; $Propfeat5 = $row[18]; $Propfeat6 = $row[19]; $Propfeat7 = $row[20]; $Propfeat8 = $row[21]; $Propfeat9 = $row[22]; $Propfeat10 = $row[23]; $Propfeat11 = $row[24]; $Propfeat12 = $row[25]; $Propfeat13 = $row[26]; $HOAdues = $row[27]; $Comments = $row[28]; $StAddress = $row[29]; } // close connection to database mysqli_close($con); print "<html><head><title>Update Listings</title>\n\n <SCRIPT language=\"JavaScript\">\n function OnSubmitForm()\n {\n if(document.myform.operation[0].selected == true)\n {\n document.myform.action =\"UpdateListing.php\";\n }\n else\n if(document.myform.operation[1].selected == true)\n {\n document.myform.action =\"BrowseListings.php\";\n }\n if(document.myform.operation[2].selected == true)\n {\n document.myform.action =\"listing_add.html\";\n }\n return true;\n }\n </SCRIPT>\n </head><body>"; print "<FORM name=\"myform\" onSubmit=\"return OnSubmitForm();\" method=\"post\">"; print "\n<table>"; ###update variables ### MLS number print "\n<TR><TD>MLS:</TD><TD>$MLS</TD></TR>"; if ($page == "BrowseListing.php") { echo " Browse listing ... $page"; // echo " MLS is ... $MLS"; loadpage($MLS, $Title, $SalePrice, $City, $Zip, $TransType, $PropType, $Beds, $Baths, $Garage, $Sqft, $LivingSqft, $YrBuilt, $Propfeat1, $Propfeat2, $Propfeat3, $Propfeat4, $Propfeat5, $Propfeat6, $Propfeat7, $Propfeat8, $Propfeat9, $Propfeat10, $Propfeat11, $Propfeat12, $Propfeat13, $HOAdues, $Comments, $StAddress); }else if ($page == "UpdateListing.php") { echo " Update listing ... $page"; $Title = $_POST['Title']; $SalePrice = $_POST['SalePrice']; $City = $_POST['City']; $Zip = $_POST['Zip']; $TransType = $_POST['TransType']; $PropType = $_POST['PropType']; $Beds = $_POST['Beds']; $Baths = $_POST['Baths']; $Garage = $_POST['Garage']; $Sqft = $_POST['Sqft']; $LivingSqft = $_POST['LivingSqft']; $YrBuilt = $_POST['YrBuilt']; $Propfeat1 = $_POST['Propfeat1']; $Propfeat2 = $_POST['Propfeat2']; $Propfeat3 = $_POST['Propfeat3']; $Propfeat4 = $_POST['Propfeat4']; $Propfeat5 = $_POST['Propfeat5']; $Propfeat6 = $_POST['Propfeat6']; $Propfeat7 = $_POST['Propfeat7']; $Propfeat8 = $_POST['Propfeat8']; $Propfeat9 = $_POST['Propfeat9']; $Propfeat10 = $_POST['Propfeat10']; $Propfeat11 = $_POST['Propfeat11']; $Propfeat12 = $_POST['Propfeat12']; $Propfeat13 = $_POST['Propfeat13']; $HOAdues = $_POST['HOAdues']; $Comments = $_POST['Comments']; $StAddress = $_POST['StAddress']; UpdatePage($MLS, $Title, $SalePrice, $City, $Zip, $TransType, $PropType, $Beds, $Baths, $Garage, $Sqft, $LivingSqft, $YrBuilt, $Propfeat1, $Propfeat2, $Propfeat3, $Propfeat4, $Propfeat5, $Propfeat6, $Propfeat7, $Propfeat8, $Propfeat9, $Propfeat10, $Propfeat11, $Propfeat12, $Propfeat13, $HOAdues, $Comments, $StAddress); loadpage($MLS, $Title, $SalePrice, $City, $Zip, $TransType, $PropType, $Beds, $Baths, $Garage, $Sqft, $LivingSqft, $YrBuilt, $Propfeat1, $Propfeat2, $Propfeat3, $Propfeat4, $Propfeat5, $Propfeat6, $Propfeat7, $Propfeat8, $Propfeat9, $Propfeat10, $Propfeat11, $Propfeat12, $Propfeat13, $HOAdues, $Comments, $StAddress); include('creator.php'); }else "nothing"; function loadpage($MLS, $Title, $SalePrice, $City, $Zip, $TransType, $PropType, $Beds, $Baths, $Garage, $Sqft, $LivingSqft, $YrBuilt, $Propfeat1, $Propfeat2, $Propfeat3, $Propfeat4, $Propfeat5, $Propfeat6, $Propfeat7, $Propfeat8, $Propfeat9, $Propfeat10, $Propfeat11, $Propfeat12, $Propfeat13, $HOAdues, $Comments, $StAddress){ $Title = htmlspecialchars($Title, ENT_QUOTES); ### Property Title print "\n<p><TR><TD>Property Title:</TD><TD> <input type=\"text\" name=\"Title\" value=\"$Title\" maxlength=40 size=40></td></tr>"; ### Property Type print "\n<tr><td>Property Type:</td><td>\n<select name=PropType size=\"1\"> <OPTION SELECTED VALUE=\"$PropType\">"; if($PropType == 1){print "Single Family Home </option>\n";} if($PropType == 2){print "Condo/Townhouse </option>\n";} if($PropType == 3){print "Multi-Family Home </option>\n";} if($PropType == 4){print "Mfd/Mobile Home </option>\n";} if($PropType == 5){print "Farms/Ranches </option>\n";} if($PropType == 6){print "Land </option>";} if($PropType != 1){print "<option value=\"1\"> Single Family Home </option>\n";} if($PropType != 2){print "<option value=\"2\"> Condo/Townhouse </option>\n";} if($PropType != 3){print "<option value=\"3\"> Multi-Family Home </option>\n";} if($PropType != 4){print "<option value=\"4\"> Mfd/Mobile Home </option>\n";} if($PropType != 5){print "<option value=\"5\"> Farms/Ranches </option>\n";} if($PropType != 6){print "<option value=\"6\"> Land </option>\n";} print "</select>\n </td></tr>"; ### Transaction Type print "\n<p> <tr><td>Transaction Type:</td><td>\n <select name=TransType><OPTION SELECTED VALUE=\"$TransType\">"; if($TransType == 1){print "For Sale </option>\n";} if($TransType == 2){print "For Rent </option>\n";} if($TransType != 1){print "<option value=\"1\"> For Sale </option>\n";} if($TransType != 2){print "<option value=\"2\"> For Rent </option>\n";} print "</select>\n </td></tr>\n<p>"; ### Sale Price print "<tr><td>Sale/Rental Price: </td><td> <input type=\"text\" name=\"SalePrice\" value=\"$SalePrice\" maxlength=15 size=15> </td></tr>\n"; ### Street Address print "<p><tr><td> Street Address: </td><td> <input type=\"text\" name=\"StAddress\" value=\"$StAddress\" maxlength=50 size=50> </td></tr>"; ### City print "\n<tr><td>City:</td><td>\n<select name=City size=\"1\"> <OPTION SELECTED VALUE=\"$City\">"; if($City == 1){print "Grant </option>\n";} if($City == 2){print "Indialantic </option>\n";} if($City == 3){print "Indian Harbour Beach </option>\n";} if($City == 4){print "Melbourne </option>\n";} if($City == 5){print "Melbourne Beach </option>\n";} if($City == 6){print "West Melbourne </option>\n";} if($City == 7){print "Palm Bay </option>";} if($City == {print "Merrit Island </option>\n";} if($City == 9){print "Rockledge </option>\n";} if($City == 10){print "Satellite </option>\n";} if($City == 11){print "Titusville </option>\n";} if($City == 12){print "Valkyria </option>\n";} if($City == 13){print "Viera </option>\n";} if($City != 1) {print "<option value=\"1\"> Grant </option>\n";} if($City != 2) {print "<option value=\"2\"> Indialantic </option>\n";} if($City != 3) {print "<option value=\"3\"> Indian Harbour Beach </option>\n";} if($City != 4) {print "<option value=\"4\"> Melbourne </option>\n";} if($City != 5) {print "<option value=\"5\"> Melbourne Beach </option>\n";} if($City != 6) {print "<option value=\"6\"> West Melbourne </option>\n";} if($City != 7) {print "<option value=\"7\"> Palm Bay </option>\n";} if($City != {print "<option value=\"8\"> Merrit Island </option>\n";} if($City != 9) {print "<option value=\"9\"> Rockledge </option>\n";} if($City != 10){print "<option value=\"10\"> Satellite </option>\n";} if($City != 11){print "<option value=\"11\"> Titusville </option>\n";} if($City != 12){print "<option value=\"12\"> Valkyria </option>\n";} if($City != 13){print "<option value=\"13\"> Viera </option>\n";} print "</select>\n </td></tr>\n\n"; ### Zip print"<p><tr><td> Zip Code: </td><td> <input type=\"text\" name=\"Zip\" value=\"$Zip\" maxlength=5 size=5> </td></tr>\n\n"; ### Beds print "\n<tr><td>Bedrooms:</td><td>\n<select name=Beds size=\"1\"> <OPTION SELECTED VALUE=\"$Beds\">"; if($Beds == 1){print " </option>\n";} if($Beds == 2){print "1 </option>\n";} if($Beds == 3){print "2 </option>\n";} if($Beds == 4){print "3 </option>\n";} if($Beds == 5){print "4 </option>\n";} if($Beds == 6){print "5 </option>\n";} if($Beds == 7){print "6 </option>";} if($Beds == {print "7 </option>\n";} if($Beds == 9){print "8 </option>\n";} if($Beds == 10){print "9+ </option>\n";} if($Beds != 1) {print "<option value=\"1\"> </option>\n";} if($Beds != 2) {print "<option value=\"2\"> 1 </option>\n";} if($Beds != 3) {print "<option value=\"3\"> 2 </option>\n";} if($Beds != 4) {print "<option value=\"4\"> 3 </option>\n";} if($Beds != 5) {print "<option value=\"5\"> 4 </option>\n";} if($Beds != 6) {print "<option value=\"6\"> 5 </option>\n";} if($Beds != 7) {print "<option value=\"7\"> 6 </option>\n";} if($Beds != {print "<option value=\"8\"> 7 </option>\n";} if($Beds != 9) {print "<option value=\"9\"> 8 </option>\n";} if($Beds != 10){print "<option value=\"10\"> 9+ </option>\n";} print "</select>\n </td></tr>"; ### Baths print "\n<tr><td>Bathrooms:</td><td>\n<select name=Baths size=\"1\"> <OPTION SELECTED VALUE=\"$Baths\">"; if($Baths == 1){print " </option>\n";} if($Baths == 2){print "1 </option>\n";} if($Baths == 3){print "1.5 </option>\n";} if($Baths == 4){print "2 </option>\n";} if($Baths == 5){print "2.5 </option>\n";} if($Baths == 6){print "3 </option>\n";} if($Baths == 7){print "3.5 </option>";} if($Baths == {print "4 </option>\n";} if($Baths == 9){print "4.5 </option>\n";} if($Baths == 10){print "5+ </option>\n";} if($Baths != 1) {print "<option value=\"1\"> </option>\n";} if($Baths != 2) {print "<option value=\"2\"> 1 </option>\n";} if($Baths != 3) {print "<option value=\"3\"> 1.5 </option>\n";} if($Baths != 4) {print "<option value=\"4\"> 2 </option>\n";} if($Baths != 5) {print "<option value=\"5\"> 2.5 </option>\n";} if($Baths != 6) {print "<option value=\"6\"> 3 </option>\n";} if($Baths != 7) {print "<option value=\"7\"> 3.5 </option>\n";} if($Baths != {print "<option value=\"8\"> 4 </option>\n";} if($Baths != 9) {print "<option value=\"9\"> 4.5 </option>\n";} if($Baths != 10){print "<option value=\"10\"> 5+ </option>\n";} print "</select>\n </td></tr>"; ### Sqft print "\n <p><tr><td> Square ft:</td><td> <input type=\"text\" name=\"Sqft\" value=\"$Sqft\" maxlength=6 size=6> </td></tr>\n\n"; ### Living Sqft print "\n <p><tr><td> Living Sqft:</td><td> <input type=\"text\" name=\"LivingSqft\" value=\"$LivingSqft\" maxlength=6 size=6> </td></tr>\n\n"; ### Year Built print "\n <p><tr><td> Year Built:</td><td> <input type=\"text\" name=\"YrBuilt\" value=\"$YrBuilt\" maxlength=4 size=4> </td></tr>\n\n"; ### Propfeat1 - Propfeat13 print "<p> <tr><td> Check property features:</td><td>"; if($Propfeat1){print "<input type=\"checkbox\" name=\"Propfeat1\" value=\"Pool\" checked=\"true\">Pool";} else{print "<input type=\"checkbox\" name=\"Propfeat1\" value=\"Pool\">Pool";} if($Propfeat2){print "<input type=\"checkbox\" name=\"Propfeat2\" value=\"Tile\" checked=\"true\">Tile";} else{print "<input type=\"checkbox\" name=\"Propfeat2\" value=\"Tile\">Tile";} if($Propfeat3){print "<input type=\"checkbox\" name=\"Propfeat3\" value=\"Wood\" checked=\"true\">Hardwood Flooring";} else{print "<input type=\"checkbox\" name=\"Propfeat3\" value=\"Wood\">Hardwood Flooring";} if($Propfeat4){print "<input type=\"checkbox\" name=\"Propfeat4\" value=\"Fence\" checked=\"true\">Fenced";} else{print "<input type=\"checkbox\" name=\"Propfeat4\" value=\"Fence\">Fenced";} if($Propfeat5){print "<input type=\"checkbox\" name=\"Propfeat5\" value=\"Gated\" checked=\"true\">Gated Community";} else{print "<input type=\"checkbox\" name=\"Propfeat5\" value=\"Gated\">Gated Community";} if($Propfeat6){print "<input type=\"checkbox\" name=\"Propfeat6\" value=\"HOA\" checked=\"true\">Home Owners Association";} else{print "<input type=\"checkbox\" name=\"Propfeat6\" value=\"HOA\">Home Owners Association";} print "\n\n<BR>"; if($Propfeat7){print "<input type=\"checkbox\" name=\"Propfeat7\" value=\"OceanFront\" checked=\"true\">Ocean Front";} else{print "<input type=\"checkbox\" name=\"Propfeat7\" value=\"OceanFront\">Ocean Front";} if($Propfeat8){print "<input type=\"checkbox\" name=\"Propfeat8\" value=\"OceanView\" checked=\"true\">Ocean View";} else{print "<input type=\"checkbox\" name=\"Propfeat8\" value=\"OceanView\">Ocean View";} if($Propfeat9){print "<input type=\"checkbox\" name=\"Propfeat9\" value=\"RiverFront\" checked=\"true\">River View";} else{print "<input type=\"checkbox\" name=\"Propfeat9\" value=\"RiverFront\">RiverFront";} if($Propfeat10){print "<input type=\"checkbox\" name=\"Propfeat10\" value=\"RiverSide\" checked=\"true\">River side";} else{print "<input type=\"checkbox\" name=\"Propfeat10\" value=\"RiverSide\">River side";} if($Propfeat11){print "<input type=\"checkbox\" name=\"Propfeat11\" value=\"Canal\" checked=\"true\">Canal";} else{print "<input type=\"checkbox\" name=\"Propfeat11\" value=\"Canal\">Canal";} if($Propfeat12){print "<input type=\"checkbox\" name=\"Propfeat12\" value=\"Lake\" checked=\"true\">Lake";} else{print "<input type=\"checkbox\" name=\"Propfeat12\" value=\"Lake\">Lake";} if($Propfeat13){print "<input type=\"checkbox\" name=\"Propfeat13\" value=\"Pond\" checked=\"true\">Pond";} else{print "<input type=\"checkbox\" name=\"Propfeat13\" value=\"Pond\">Pond";} ### Garage print "\n<tr><td>Garage:</td><td>\n<select name=Garage size=\"1\"> <OPTION SELECTED VALUE=\"$Garage\">"; if($Garage == 1){print "None </option>\n";} if($Garage == 2){print "1 car </option>\n";} if($Garage == 3){print "2 car </option>\n";} if($Garage == 4){print "3 car </option>\n";} if($Garage == 5){print "carport </option>\n";} if($Garage != 1){print "<option value=\"1\"> None </option>\n";} if($Garage != 2){print "<option value=\"2\"> 1 car </option>\n";} if($Garage != 3){print "<option value=\"3\"> 2 car </option>\n";} if($Garage != 4){print "<option value=\"4\"> 3 car </option>\n";} if($Garage != 5){print "<option value=\"5\"> carport </option>\n";} print "</select>\n </td></tr>"; ### HOA Yearly Dues print "\n <p><tr><td>HOA Yearly Dues:</td><td> <input type=\"text\" name=\"HOAdues\" value=\"$HOAdues\" maxlength=7 size=7> </td></tr>\n\n"; ### Comments print "\n <p><tr><td>Comments:</td><td> <textarea name=\"Comments\" row=5 cols=100>$Comments</textarea></td></tr>\n\n"; print "</TD></TR><TR><TD> SELECT PAGE:</TD><TD> <select name=\"operation\" size=\"1\"> <option value=\"1\">Update Listing</option> <option value=\"2\">Browse Listing</option> <option value=\"3\">Add a listing</option> </select> <INPUT TYPE=\"SUBMIT\" name=\"Submit\" VALUE=\"ACTION\"> \n</TD></TR></table>\n"; print "<input type=\"hidden\" name=\"pagevalue\" value=\"UpdateListing.php\"> "; print "<input type=\"hidden\" name=\"MLS\" value=\"$MLS\"> "; print "</table></body></html>"; } // end subroutine loadpage function UpdatePage($MLS, $Title, $SalePrice, $City, $Zip, $TransType, $PropType, $Beds, $Baths, $Garage, $Sqft, $LivingSqft, $YrBuilt, $Propfeat1, $Propfeat2, $Propfeat3, $Propfeat4, $Propfeat5, $Propfeat6, $Propfeat7, $Propfeat8, $Propfeat9, $Propfeat10, $Propfeat11, $Propfeat12, $Propfeat13, $HOAdues, $Comments, $StAddress){ #connection to database $con2=mysqli_connect("","","",""); # Insert form elements into database mysqli_query($con2,"UPDATE tblListings SET Title = '$Title', SalePrice = '$SalePrice', City = '$City', Zip = '$Zip', TransType = '$TransType', PropType = '$PropType', Beds = '$Beds', Baths = '$Baths', Garage = '$Garage', Sqft = '$Sqft', LivingSqft = '$LivingSqft', YrBuilt = '$YrBuilt', Propfeat1 = '$Propfeat1', Propfeat2 = '$Propfeat2', Propfeat3 = '$Propfeat3', Propfeat4 = '$Propfeat4', Propfeat5 = '$Propfeat5', Propfeat6 = '$Propfeat6', Propfeat7 = '$Propfeat7', Propfeat8 = '$Propfeat8', Propfeat9 = '$Propfeat9', Propfeat10 = '$Propfeat10', Propfeat11 = '$Propfeat11', Propfeat12 = '$Propfeat12', Propfeat13 = '$Propfeat13', HOAdues = '$HOAdues', Comments = '$Comments', StAddress = '$StAddress' WHERE MLS = '$MLS'") or die(mysql_error()); # Finish database connection mysqli_close($con2); } //end subroutine UpdatePage Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446298 Share on other sites More sharing options...
markjgator Posted August 22, 2013 Author Share Posted August 22, 2013 I figured out the problem. I needed to add a stripslashes() now the data displays correctly. thanks for the help Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446366 Share on other sites More sharing options...
requinix Posted August 22, 2013 Share Posted August 22, 2013 I figured out the problem. I needed to add a stripslashes()No, what you need to do is fix it so the slashes never happen in the first place. You say the data in the database doesn't have slashes. I'm starting to doubt that. How did you check? Quote Link to comment https://forums.phpfreaks.com/topic/281444-htmlspecialcharsstr-ent_quotes/#findComment-1446379 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.