Training, Open Source computer languages

This is page http://www.wellho.net/forum/Writing-PHP/Quotes-i ... Value.html

Our email: info@wellho.net • Phone: 01144 1225 708225

 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Quotes in Variable escaping Form Value

Posted by keith (keith), 2 February 2006
Hi,

I have the following :-

$main.="<input name='title' type='text' size='40' value='".$title."'>"

Now this is fine until the value of title is something like:-
$title="when they're going to be here";

All that is displayed in the Form text field is:
when they

The value of $title actually comes from a mySQL db.

I wan't the user to see exactly what they originally type in the form, so they can modify it. How do I get this text field to display the full line :
when they're going to be here

I'm sure I should be doing an addslashes or something, but I just cant get the line to display correctly in the text field.

Thanks in advance

Keith


Posted by Chris_Isaac (Chris Isaac), 2 February 2006
Hi Keith

I'm a bit rusty with PHP, but I think you are on the right lines because its cutting off the string at the ' in they're.

Try using the addslashes function (when you originally input the data into the mysql db) see if that gets you over the problem (Don't forget to use stripslashes function when getting the information out)

Like I said I'am rusty if that doesn't work, there are bigger and uglier peole on the board who will point you in the right direction.... there's Graham as well...

Hope this helps.

Posted by admin (Graham Ellis), 2 February 2006
This is how I remember it:



Reading from a form - call stripslashes but ONLY if your server is configured with magic quotes set on (that's the default).  This prevents quotes entered by the user having a backslash in front of them.

Saving to a database - call addslashes which ensures that the 4 special characters that can't be otherwise passed in within your SQL get escaped as appropriate.

Reading back from a database - no action to take since you've lready saved the data cleanly.

Outputting back to the browser (and this INCLUDES echoing back as the value in a text string) - htmlspecialchars which converts < to < and (answering Keith's original query) " to ".


Posted by keith (keith), 2 February 2006
Thanks Graham and Chris,

Chris, I  had tried addslashes, but it didn't help.

Graham, I know PHP addslashes by default (when magicquotes is on) to form data.

The data I am showing is from MySQL, not directly from a form, so the stripslashes and addslashes part seems to be irrelevant.
It's saving fine in mySQL eg; i can pull it back out and echo $title;
and I get:-
when they're going to be here

It's just the form value thing that's the issue.

So all I need to do is use htmlspecialchars

Or am I not understanding something here!?

Posted by admin (Graham Ellis), 2 February 2006
on 02/02/06 at 23:14:40, keith wrote:
So all I need to do is use htmlspecialchars

Or am I not understanding something here!?


Nope, I think that's all you need then.

Posted by keith (keith), 3 February 2006
Ah!

With a bit of swapping from Single Quotes to Double Quotes and vice-versa, it worked like a charm.

Many thanks

Keith





This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho