TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   Absolute Beginners (http://www.talkphp.com/absolute-beginners/)
-   -   Magic Quotes (http://www.talkphp.com/absolute-beginners/5678-magic-quotes.html)

captainmerton 01-16-2011 05:58 PM
Magic Quotes
 
A real beginner question but i'm having difficulty with escaping input form data containing commas. Eg. Name entered as O'Neill. I'm checking magic quotes is switched off in th php.ini file which it is so i'm not stripping slashes from the input data. I am however using the mysql real_escape_string function on the data before adding it to the database. Its stored on the database as O'Neill and not O/'Neill however when i retrieve it using mysql SELECT statement the pho code is displaying it as O. Do i need to add a backslash to php knows its not the end of a string but actually part of the string?

Any general advice on this?

Cheers.

captainmerton 01-16-2011 06:13 PM
The problem i appear to be having is when i try and display the name as values in a form:

PHP Code:
    <tr>
    <td>
        <label for="name">Property Name*</label>
    </td>
    <td>
        <input type='text' name='name' id='name' size='50' maxlength='50' value='<?php print $property->getName(); ?>'>
    </td>
    </tr>
    <tr>
    <td>
        <label for="details">Property Details*</label>
    </td>
    <td>
        <textarea name='details' id='details' cols='75' rows='10'><?php print $property->getDetails(); ?></textarea>
    </td>
    </tr>
If both $property->getName() and $property->getDetails() return O'Neill the name form text appears as O whereas its appears as O'Neill in the details textarea input field. I'm sure its something to do with the the different form input types and the text input type is treating the comma as the end of the string. Any idea how i can resolve this?

captainmerton 01-16-2011 06:19 PM
I've fixed it by changing the ' to a ". I know the way php treats these is quite different. I assume it was treating it as a variable as opposed to a string. Not sure.

tony 01-16-2011 07:27 PM
if you still want to use ' to delimit strings you can scape internal ' by escaping them with t backward slash \'

"" display the contents of variables if they are inside of strings like

PHP Code:
<?php
$s "string";
echo "this is a $s"//echoes to this is a string
echo 'this is a $s'//echoes to this is a $s
?>

wGEric 01-18-2011 06:55 PM
If you aren't escaping the ' then the HTML becomes this:

HTML Code:
<input type='text' name='name' id='name' size='50' maxlength='50' value='O'Neil'>
You can see the value is then messed up so the browser thinks "O" is the value and ignores the rest.

The fix would be to use addslashes in your form so that it escapes quotes.

PHP Code:
<input type='text' name='name' id='name' size='50' maxlength='50' value='<?php print addslashes($property->getName()); ?>'>
Then the HTML would be

HTML Code:
<input type='text' name='name' id='name' size='50' maxlength='50' value='O\'Neil'>
Which is correct.


All times are GMT. The time now is 05:48 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0