At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>Sorry for the confusion...
>I have an application where it organizes candidates for positions for
>HR.  There is a Notes field where they can update actions with the
>potential candidate.  Now this can be when this person has been
>contacted, conversations, or just to say this person is not available,

I assume by this you mean you have a form-based application through
which the information is submitted.

>There may be a point where quotes need to be added to quote a candidate,
>or I wanted to give them the option of adding HTML tags to the field so
>that when someone looks at the person's record, that the HTML will be
>displayed.  It wasn't just the HTML that was causing problems, but the
>quotes as well.

This makes your problem basically intractable.  Sorry.

If I input: Candidate requires salary < $100K and > $75K

Then it looks kinda like there's a tag there, because of the < and >

Or if I input: Candidate has a, shall we say, "checkered" past

Then the value has quotes.

Now, you want to let people put in something like:

Candidate has a, shall we say, <font color="red">checkered</font> past.

Now, you can store any of those values into the database easily.   Just
use addslashes() to escape the values that are special in SQL.  When you
retrieve the values, you'll get exactly the values as shown above.

But then what do you do with them?  For the first two instances, you
need to display the <, > and " characters literally, which you might
do by converting them to HTML entities (&lt;, &gt;, and &quot;) by running
the strings through htmlspecialchars() before printing them as part of the
Web page.

But for the third instance, you want to pass those same characters
through to the browser so that it interprets them as HTML markup.

How are you going to tell?

See the problem?

>If I add..
>Joe Blow said "blah blah blah"  the query wouldn't execute.  But if I
>did Joe Blow said, blah blah blah, it works fine.
>I know HTML isn't as touchy and you can actually do without the quotes,
>ie, <font color=red>BLAH</font> it will still display red font.
>The weird thing is that I have a Job Posting section and when you update
>or edit an existing job and add HTML, it works fine without the
>addslashes() function, but with the Edit Candidate, it craps out...
>Weird, both are practically carbon copies of each other, database field
>is both set to "TEXT" and both queries are the same structure.
>I cannot figure it out
>If you want the URL to look at it, I will send it to you.

PHP Database Mailing List
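The two escaping contexts described in the reply above, run over its three sample inputs, as an added example that is not part of the original thread. It uses PDO bound parameters in place of addslashes() for the SQL side; the in-memory SQLite database and the candidate_notes table are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the original thread. Table and column names
// (candidate_notes, note) are hypothetical; SQLite in memory stands in for
// the poster's database.

// The three sample inputs from the message above.
$inputs = [
    'Candidate requires salary < $100K and > $75K',
    'Candidate has a, shall we say, "checkered" past',
    'Candidate has a, shall we say, <font color="red">checkered</font> past.',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE candidate_notes (id INTEGER PRIMARY KEY, note TEXT)');

// SQL context: a bound parameter keeps the value out of the query text,
// so quotes in the note cannot break the statement.
$insert = $db->prepare('INSERT INTO candidate_notes (note) VALUES (:note)');
foreach ($inputs as $note) {
    $insert->execute([':note' => $note]);
}

$stored = $db->query('SELECT note FROM candidate_notes ORDER BY id')
             ->fetchAll(PDO::FETCH_COLUMN);

// What comes back is exactly what went in, quotes and angle brackets included.
if ($stored !== $inputs) {
    throw new RuntimeException('round trip changed a note');
}

// HTML context: encode at output time, not at storage time.
function render_note(string $note): string
{
    return htmlspecialchars($note, ENT_QUOTES, 'UTF-8');
}

foreach ($stored as $note) {
    echo render_note($note), "\n";
}
// Every <, > and " is now an entity, so the first two notes display as typed.
// The third shows its <font> tag as visible text instead of red type:
// the encoder cannot tell intended markup from a literal "<".
```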