At 10:35 -0600 2/8/02, Todd Williamsen wrote: >Explain this... > >Now I have Edit Jobs where you can do the same HTML and other SQL >specific stuff in the Job Description, that works with no problems >whatsoever, then I have this Edit Candidate page that is structured >EXACTLY the same, and the Edit Candidate craps out... > >Why is that? One works and the other doesn't?
Good question. It may be that they really behave the same and you don't know it because you're entering different kinds of information into them and thus not triggering the bug for one of them. Or it may be that they're not really *exactly* the same. You can test the first possibility by swapping the information that you enter into the two fields. If the one that works now fails and the one that fails now works, then you have two non-working fields and didn't realize it due to having not tried a sufficient range of values. If the one that works continues to work and the one that fails continues to fail, then clear they're not really *exactly* the same. > >-----Original Message----- >From: Paul DuBois [mailto:[EMAIL PROTECTED]] >Sent: Friday, February 08, 2002 10:34 AM >To: Todd Williamsen; [EMAIL PROTECTED] >Subject: RE: [PHP-DB] addslashes() > > >At 10:22 -0600 2/8/02, Todd Williamsen wrote: >>Paul, >> >>No kidding I see the problem, that is why I am asking how do I solve >it. > >By writing a content parser that is intelligent enough to recognize HTML >constructs and pass them through literally, while recognizing when your >people write other stuff containing the same characters that does not >signify HTML. In other words, a parser that can read their minds. Good >luck. :-) > >Alternatively, tell them to signal special constructs using a syntax >that doesn't overlap HTML so that you can recognize the constructs and >transform them to HTML when you render a Web page. > >Alternatively, tell them that if they want to include literal characters >like < or >, they must enter them as < or >. In this case, you >interpret the text as HTML that's already properly escaped and you >simply >display it as is with no extra conversion. > >None of these are particularly attractive. It's an ugly problem; I >suspect >it has no pretty solution. > >>I don't need the problem re-explained to me 8) >> >>-----Original Message----- >>From: Paul DuBois [mailto:[EMAIL PROTECTED]] >>Sent: Friday, February 08, 2002 10:21 AM >>To: Todd Williamsen; [EMAIL PROTECTED] >>Subject: RE: [PHP-DB] addslashes() >> >> >>At 10:06 -0600 2/8/02, Todd Williamsen wrote: >>>Paul, >>> >>>Sorry for the confusion... >>> >>>Ok.. >>> >>>I have an application where it organizes candidates for positions for >>>HR. There is a Notes field where they can update actions with the >>>potential candidate. Now this can be when this person has been >>>contacted, conversations, or just to say this person is not available, >>>etc. >> >>I assume by this you mean you have a form-based application through >>which the information is submitted. >> >>> >>>There may be a point where quotes need to be added to quote a >>candidate, >>>or I wanted to give them the option of adding HTML tags to the field >so >>>that when someone looks at the person's record, that the HTML will be >>>displayed. It wasn't just the HTML that was causing problems, but the >>>quotes as well. >> >>This makes your problem basically intractable. Sorry. >> >>If I input: Candidate requires salary < $100K and > $75K >> >>Then it like kinda like there's a tag there, because of the < and > >> >>Or if I input: Candidate has a, shall we say, "checkered" past >> >>Then the value has quotes. >> >>Now, you want to let people put in something like: >> >>Candidate has a, shall we say, <font color="red">checkered</font> past. >> >> >>Now, you can store any of those values into the database easily. Just >>use addslashes() to escape the values that are special in SQL. When >you >>retrieve the values, you'll get exactly the values as shown above. >> >>But then what do you do with them? For the first two instances, you > >need to display the <, > and " characters literally, which you might >>do by converting them to HTML entities (<, <, and ") by >>running >>the strings through htmlspecialchars() before printing them as part of >>the >>Web page. >> >>But for the third instance, you want to pass those same characters >>through to the browser so that it interprets them as HTML markup. >> >>How are you going to tell? >> >> >>See the problem? >> >> >>> >>>So... >>> >>>If I add.. >>> >>>Joe Blow said "blah blah blah" the query wouldn't execute. But if I >>>did Joe Blow said, blah blah blah, it works fine. >>> >>>I know HTML isn't as touchy and you can actually do without the >quotes, >>>ie, <font color=red>BLAH</font> it will still display red font. >>> >>>The weird thing is that I have a Job Posting section and when you >>update >>>or edit an exsisting job and add HTML, it works fine without the >>>addslashes() function, but with the Edit Candidate, it craps out... >>>Weird, both are practically carbon copies of each other, database >field >>>is both set to "TEXT" and both queries are the same structure. >>> >>>I cannot figure it out >>> >>>If you want the URL to look at it, I will send it to you. >>> >>>Thanks! >> >> >> >>-- >>PHP Database Mailing List (http://www.php.net/) >>To unsubscribe, visit: http://www.php.net/unsub.php > > > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php