I thought I made it somewhat clear: > when I'm dealing with form inputs that can contain quote marks
Advertising
Why run 3 functions at separate times when you can run one once just before data is inserted into the database? - Jonathan -----Original Message----- From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]] Sent: Friday, January 04, 2002 12:48 PM To: Jonathan Hilgeman Cc: 'Rick Emery'; '[EMAIL PROTECTED]' Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs Those are two different things. You never mentioned your HTML problem, that's why nobody adressed it. So, the proper way to do it is: 1. Insert into the database using addslashes(); 2. Use stripslashes() after retrieving the data if you need to; 3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if you still have problems. Bogdan Jonathan Hilgeman wrote: > I've tried those methods, but they cause problems when the values are loaded > back into INPUTs for editing. For instance, even if the database-stored > value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an > INPUT so it looks like: > > <INPUT NAME='FullPetName' VALUE='Mark\'s Pet Named \"Flea Muffin\"'> > > Or try double-quotes: > > <INPUT NAME="FullPetName" VALUE="Mark\'s Pet Named \"Flea Muffin\""> > > You'll see what I mean. > > By using the HTML equivalents, the value can be loaded back into an input > box flawlessly for easy updating, and it will display correctly when being > pulled from the database for other usage. > > - Jonathan > > -----Original Message----- > From: Rick Emery [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 12:11 PM > To: [EMAIL PROTECTED] > Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs > > Another option is to use PHP's addslashes() and stripslashes() functions. > These will add/remove slashes in front of quotes to make them database > friendly. > > -----Original Message----- > From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 2:05 PM > To: [EMAIL PROTECTED] > Subject: [PHP-DB] Fixed Quote Marks in Inputs > > I finally came up with a reliable solution that I can use when I'm dealing > with form inputs that can contain quote marks (single or double quotes). To > store quote marks, you can str_replace them with their HTML code > equivalents. For single quote marks, this is ', and for double quote > marks it's " > > So before I insert any input into my database, I run my below function on > all the data: > > // Replace quotes with their ' and " equivalents > function PrepareQuotes($Var) > { > $Var = str_replace("'","'",$Var); > $Var = str_replace('"',""",$Var); > return $Var; > } > > Hope this helps someone else. > > - Jonathan > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
