[SOLVED] Help with double quotes issue

[jwhite68]

I have a string thats displayed from a database table, and when the database value contains a string in quotes, its not displayed in the output form.

 

So if the value of advtitle is  - this is an advert, as "featured on tv"

 

When displayed it shows - this is an advert, as

 

So its missing the "featured on tv" part.

 

Here is the code:

 

					<tr>
						<td class="td135" style="text-align:right !important"><span<?=$hlight4?>>Ad title</span></td>
						<td colspan="5" class="td675"><input type="text" name="advtitle" maxlength="128" value="<?=$advtitle?>" style="width:385px"></td>
					</tr>

 

Can anyone advise what I need to do in PHP to the <=?advtitle?> code. I tried addslashes but that didnt work.

 

[ToonMariner]

check you magic quotes setting...

[Zane]

how are you putting the information into your database

 

most likely your aren't escaping your double quotes

you need to put backslashes in front of them when you insert it

this is an advert, as \"featured on tv\"

[Thierry]

Try using a single double quote and see if the query gives an error.

If it does, you forgot to escape your double quotes.

 

Since your query is probably written in double quotes, it causes an error as it gets all messy.

 

You can either use addslashes($_POST["YOUR_FORM_ITEM"]); or htmlspecialchars($_POST["YOUR_FORM_ITEM"], ENT_QUOTES);.

 

Add slashes will simply add a \ to the " which will tell PHP to see it as a character instead of a double quote and the latter will change the doublequote into its HTML code (&#039;), you can use html_entity_decode to bring it back if needed.

[jwhite68]

I was able to resolve it by just changing <?=$advtitle?> to <?=htmlspecialchars($advtitle)?>

 

Does anyone see an issue in resolving it this way?

[kenrbnsn]

That is the correct way of solving the problem. Escaping the quotes is for PHP & MySQL.

 

Ken