How to make form ignore quotation marks

[selliott]

I need to adjust my php form to prevent users from entering quotation marks in the text field?  Is there a simple command for this?

[Jessica]

I think you mean you need to let users enter quotation marks, and properly sanitize the input, using mysql_real_escape_string.

[selliott]

Whatever is easiest.  I have a form setup in an admin area (in php), that allows a user to input a Title (goes to a database, then is generated in an xml file) for a Flash menu, but the Flash menu won't display the Title/menu if it has a quote in it.  It will accept a single quotation mark and work ok...just won't display if it has a double quotation mark.  So I just figured it would be easiest for the field to ignore the double quotation marks, since the user could use a single quotation mark if they really wanted it in the link title.

[Jessica]

Does the " get stored in the database? If so, the problem is with flash.

You could do str_replace on the input and replace " with '.

[selliott]

Yeah, I'm sure it is with Flash, but I figured it may be easiest to just not allow the " in the php form than to find the issue in the actionscript right now.  I'm still learning on the programming side of things.

I was hoping I could just add something in here to just make the input field ignore the " sign, so when someone tried to type it in, it just did nothing. 

[code]<td><input name="title" type="text" style="width: 280px;" value="<?php echo $title;?>" maxlength="48" /></td>[/code]

But making it change the " to a ' would work too.

[Jessica]

Yeah so just try str_replace.

[selliott]

I found a section of code where I think I need to make the adjustment, but I'm not exactly sure what I need to do.  I tried a few things and it didn't seem to make any difference.  I just want to add a slash to the " mark, so it'll accept it.

[quote]//Add backslashes only to \ and '

function addslashes2( $string )
{
    $string = str_replace( '\\', '\\\\', $string );
    return str_replace( '\'', '\\\'', $string );
}


//Stripslashes from string if get_magic_quotes_gpc is on

function stripslashes2( $string )
{
    return ( get_magic_quotes_gpc() ) ? stripslashes( $string ) : $string;
}

?> [/quote]

[Jessica]

Why don't you just use str_replace to replace " with '...what's with all the slashes?

did you try add_slashes or mysql_real_escape_string

[selliott]

Because I just don't know much at all about php.  :-[  I assumed since the code appeared to be designed to just add slashes to the ' and \ (which must be why they work ok), it might be easier to just add another "add slashes" line of code inside the "addslashes2($string)" area for the " character too.