Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Jul 2003
    Posts
    262
    Thanks
    1
    Thanked 0 Times in 0 Posts

    What happened to the quotes in my string?

    I'm pulling some data from a mySQL database and displaying it in a table. In many cases the data contains single quotes and double quotes. It displays fine in my table. The table contains form fields that let the user select rows to POST, then I process them etc...

    The problem is when they post the form I'm losing everything after the first instance of a single or double quote, for example:

    In my database record...
    Ball valve, 2 1/2" 304 Stainless Steel (this is good)

    In my html table...
    Ball valve, 2 1/2" 304 Stainless Steel (this is good)

    In $_POST['myfield']...
    Ball valve, 2 1/2 (this is not good)

    I have also tried using addslashes() to the data before posting it and get the following result...
    Ball valve, 2 1/2\\ (this is not good)


    Does anybody know what is causing this?
    Last edited by mothra; 10-27-2006 at 07:40 PM.

  • #2
    Regular Coder
    Join Date
    Dec 2002
    Location
    Minneapolis, MN
    Posts
    208
    Thanks
    0
    Thanked 1 Time in 1 Post
    What does your processed HTML form input element look like? post exact source.

    ie. <input name="abc" value="your value with quotes" />

    or if you're using a drop down.
    <option value="your value with quotes" />
    anthony

  • #3
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    You would need to use the add slashes when you recieve the data from the form before you insert the data into the database not when you print it to the page. The addslashes functions does just that. It adds \'s to your single and double quotes to make sure PHP does not try to interpret it as PHP code. And then when retrieve the data from the database you need to run stripslashes to remove the slashes that were inserted.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #4
    Regular Coder
    Join Date
    Jul 2003
    Posts
    262
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks for the responses, let me see if I can keep up...

    Spookster - are you saying that the data in my database should have slashes in it? I use the following function to sanitize the data before I execute the query, this may be old school, I dunno.

    PHP Code:
    if (get_magic_quotes_gpc()) {
        
    $myVar $_POST['whatever'];
    } else {
        
    $myVar addslashes($_POST['whatever']);

    The data in my database looks just like I posted above, there are no slashes.


    ez - here's the code for the input field in the form:
    PHP Code:
    printf(" <td> %s <input type=\"hidden\" name=\"description[]\" value=\"%s\" style=\"width:0px;\" </td>"$row["description"], $row["description"]); 
    Last edited by mothra; 10-27-2006 at 10:04 PM.

  • #5
    Regular Coder
    Join Date
    Jul 2003
    Posts
    262
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Just to update, I tried adding the data to the database with slashes in it. I still run into the problem. I tried echoing it before and after posting with strip slashes but I get the same result as before

  • #6
    Regular Coder
    Join Date
    Jul 2003
    Posts
    262
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Well I figured it out (sort of). I made an assumption that the php writing my html (a table and a form) would write the same data to the hidden input as it would to the table. It wasn't.

    I don't know why, maybe someone can explain, but the table was coming out fine and the input fields in the form were not. I had to end up using str_replace to replace all instances of quotes with &quot; to get the values into the form fields. It did not matter if my data was stored with slashes or not. I decided to do this when writing the table as well, just for piece of mind if nothing else. Here is the code that worked...

    PHP Code:
    printf(" <td> %s <input type=\"hidden\" name=\"description[]\" value=\"%s\" style=\"width:0px;\" </td>"
      
    str_replace("\"""&quot;"$row["description"]), str_replace("\"""&quot;"$row["description"])); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •