Those are two different things. You never mentioned your HTML problem, that's
why nobody adressed it.

So, the proper way to do it is:
1. Insert into the database using addslashes();
2. Use stripslashes() after retrieving the data if you need to;
3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if
you still have problems.

Bogdan

Jonathan Hilgeman wrote:

> I've tried those methods, but they cause problems when the values are loaded
> back into INPUTs for editing. For instance, even if the database-stored
> value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
> INPUT so it looks like:
>
> <INPUT NAME='FullPetName' VALUE='Mark\'s Pet Named \"Flea Muffin\"'>
>
> Or try double-quotes:
>
> <INPUT NAME="FullPetName" VALUE="Mark\'s Pet Named \"Flea Muffin\"">
>
> You'll see what I mean.
>
> By using the HTML equivalents, the value can be loaded back into an input
> box flawlessly for easy updating, and it will display correctly when being
> pulled from the database for other usage.
>
> - Jonathan
>
> -----Original Message-----
> From: Rick Emery [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs
>
> Another option is to use PHP's addslashes() and stripslashes() functions.
> These will add/remove slashes in front of quotes to make them database
> friendly.
>
> -----Original Message-----
> From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Fixed Quote Marks in Inputs
>
> I finally came up with a reliable solution that I can use when I'm dealing
> with form inputs that can contain quote marks (single or double quotes). To
> store quote marks, you can str_replace them with their HTML code
> equivalents. For single quote marks, this is &#039;, and for double quote
> marks it's &#034;
>
> So before I insert any input into my database, I run my below function on
> all the data:
>
> // Replace quotes with their &#039; and &#034; equivalents
> function PrepareQuotes($Var)
> {
>         $Var = str_replace("'","&#039;",$Var);
>         $Var = str_replace('"',"&#034;",$Var);
>         return $Var;
> }
>
> Hope this helps someone else.
>
> - Jonathan
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to