Explain this... Now I have Edit Jobs where you can do the same HTML and other SQL specific stuff in the Job Description, that works with no problems whatsoever, then I have this Edit Candidate page that is structured EXACTLY the same, and the Edit Candidate craps out...
Why is that? One works and the other doesn't? -----Original Message----- From: Paul DuBois [mailto:[EMAIL PROTECTED]] Sent: Friday, February 08, 2002 10:34 AM To: Todd Williamsen; [EMAIL PROTECTED] Subject: RE: [PHP-DB] addslashes() At 10:22 -0600 2/8/02, Todd Williamsen wrote: >Paul, > >No kidding I see the problem, that is why I am asking how do I solve it. By writing a content parser that is intelligent enough to recognize HTML constructs and pass them through literally, while recognizing when your people write other stuff containing the same characters that does not signify HTML. In other words, a parser that can read their minds. Good luck. :-) Alternatively, tell them to signal special constructs using a syntax that doesn't overlap HTML so that you can recognize the constructs and transform them to HTML when you render a Web page. Alternatively, tell them that if they want to include literal characters like < or >, they must enter them as < or >. In this case, you interpret the text as HTML that's already properly escaped and you simply display it as is with no extra conversion. None of these are particularly attractive. It's an ugly problem; I suspect it has no pretty solution. >I don't need the problem re-explained to me 8) > >-----Original Message----- >From: Paul DuBois [mailto:[EMAIL PROTECTED]] >Sent: Friday, February 08, 2002 10:21 AM >To: Todd Williamsen; [EMAIL PROTECTED] >Subject: RE: [PHP-DB] addslashes() > > >At 10:06 -0600 2/8/02, Todd Williamsen wrote: >>Paul, >> >>Sorry for the confusion... >> >>Ok.. >> >>I have an application where it organizes candidates for positions for >>HR. There is a Notes field where they can update actions with the >>potential candidate. Now this can be when this person has been >>contacted, conversations, or just to say this person is not available, >>etc. > >I assume by this you mean you have a form-based application through >which the information is submitted. > >> >>There may be a point where quotes need to be added to quote a >candidate, >>or I wanted to give them the option of adding HTML tags to the field so >>that when someone looks at the person's record, that the HTML will be >>displayed. It wasn't just the HTML that was causing problems, but the >>quotes as well. > >This makes your problem basically intractable. Sorry. > >If I input: Candidate requires salary < $100K and > $75K > >Then it like kinda like there's a tag there, because of the < and > > >Or if I input: Candidate has a, shall we say, "checkered" past > >Then the value has quotes. > >Now, you want to let people put in something like: > >Candidate has a, shall we say, <font color="red">checkered</font> past. > > >Now, you can store any of those values into the database easily. Just >use addslashes() to escape the values that are special in SQL. When you >retrieve the values, you'll get exactly the values as shown above. > >But then what do you do with them? For the first two instances, you >need to display the <, > and " characters literally, which you might >do by converting them to HTML entities (<, <, and ") by >running >the strings through htmlspecialchars() before printing them as part of >the >Web page. > >But for the third instance, you want to pass those same characters >through to the browser so that it interprets them as HTML markup. > >How are you going to tell? > > >See the problem? > > >> >>So... >> >>If I add.. >> >>Joe Blow said "blah blah blah" the query wouldn't execute. But if I >>did Joe Blow said, blah blah blah, it works fine. >> >>I know HTML isn't as touchy and you can actually do without the quotes, >>ie, <font color=red>BLAH</font> it will still display red font. >> >>The weird thing is that I have a Job Posting section and when you >update >>or edit an exsisting job and add HTML, it works fine without the >>addslashes() function, but with the Edit Candidate, it craps out... >>Weird, both are practically carbon copies of each other, database field >>is both set to "TEXT" and both queries are the same structure. >> >>I cannot figure it out >> >>If you want the URL to look at it, I will send it to you. >> >>Thanks! > > > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
