No kidding I see the problem, that is why I am asking how do I solve it.
I don't need the problem re-explained to me 8)
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:21 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] addslashes()
At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>Sorry for the confusion...
>I have an application where it organizes candidates for positions for
>HR. There is a Notes field where they can update actions with the
>potential candidate. Now this can be when this person has been
>contacted, conversations, or just to say this person is not available,
I assume by this you mean you have a form-based application through
which the information is submitted.
>There may be a point where quotes need to be added to quote a
>or I wanted to give them the option of adding HTML tags to the field so
>that when someone looks at the person's record, that the HTML will be
>displayed. It wasn't just the HTML that was causing problems, but the
>quotes as well.
This makes your problem basically intractable. Sorry.
If I input: Candidate requires salary < $100K and > $75K
Then it looks kinda like there's a tag there, because of the < and >
Or if I input: Candidate has a, shall we say, "checkered" past
Then the value has quotes.
Now, you want to let people put in something like:
Candidate has a, shall we say, <font color="red">checkered</font> past.
Now, you can store any of those values into the database easily. Just
use addslashes() to escape the values that are special in SQL. When you
retrieve the values, you'll get exactly the values as shown above.
But then what do you do with them? For the first two instances, you
need to display the <, > and " characters literally, which you might
do by converting them to HTML entities (&lt;, &gt;, and &quot;) by
the strings through htmlspecialchars() before printing them as part of
But for the third instance, you want to pass those same characters
through to the browser so that it interprets them as HTML markup.
How are you going to tell?
See the problem?
>If I add..
>Joe Blow said "blah blah blah" the query wouldn't execute. But if I
>did Joe Blow said, blah blah blah, it works fine.
>I know HTML isn't as touchy and you can actually do without the quotes,
>ie, <font color=red>BLAH</font> it will still display red font.
>The weird thing is that I have a Job Posting section and when you
>or edit an existing job and add HTML, it works fine without the
>addslashes() function, but with the Edit Candidate, it craps out...
>Weird, both are practically carbon copies of each other, database field
>is both set to "TEXT" and both queries are the same structure.
>I cannot figure it out
>If you want the URL to look at it, I will send it to you.
PHP Database Mailing List (http://www.php.net/)
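One way to handle the storage and display halves described in the message above, as an added example that is not part of the original thread. It uses PDO prepared statements in place of addslashes() and, going beyond the thread, restores a small allow-list of attribute-free tags after htmlspecialchars(). The table name, render_note(), the allow-list and the fourth sample input are assumptions; it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. Table and function names are
// hypothetical; assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE candidate_notes (id INTEGER PRIMARY KEY, note TEXT)');

// The three inputs quoted in the message, plus one constructed input that
// uses an allow-listed tag.
$inputs = [
    'Candidate requires salary < $100K and > $75K',
    'Candidate has a, shall we say, "checkered" past',
    'Candidate has a, shall we say, <font color="red">checkered</font> past.',
    'Candidate has a, shall we say, <b>checkered</b> past.',
];

// Storage: the bound parameter carries the raw value, so quotes never reach
// the SQL parser and no addslashes() call is involved.
$insert = $db->prepare('INSERT INTO candidate_notes (note) VALUES (:note)');
foreach ($inputs as $note) {
    $insert->execute([':note' => $note]);
}

// Display: escape everything first, then restore only exact, attribute-free
// tags from the allow-list. Everything else stays visible as literal text,
// including the <font color="red"> tag and the salary comparison.
function render_note(string $raw): string
{
    $allowed = ['b', 'i', 'em', 'strong'];
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    foreach ($allowed as $tag) {
        $html = str_replace(
            ["&lt;$tag&gt;", "&lt;/$tag&gt;"],
            ["<$tag>", "</$tag>"],
            $html
        );
    }
    return $html;
}

// The stored value comes back exactly as typed; escaping happens only here,
// at output time.
foreach ($db->query('SELECT note FROM candidate_notes ORDER BY id') as $row) {
    echo render_note($row['note']), "\n";
}
```

The allow-list does not balance tags, so an unclosed `<b>` in a note would still run on into the rest of the page.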