Hi there :)

Use the addslashes() function prior to insertion to database, and
stripslashes() on retrieval from db before you display it.

//prior to db insertion
$myvar = addslashes($myvar);

//on retrieval
$myvar = stripslashes($myvar);

Since you are wanting to display it to the user before inserting to the
databse, you'll have to add, then strip before displaying, and then use the
addslashes() again prior to inserting.

When retrieving this data at a later point you'll have to use stripslashes()

Hope this helps, Joe :)

"James Taylor" <[EMAIL PROTECTED]> wrote in message
> I'm having this one issue that's really bugging me - I have a textarea
> you can type in something - After typing it in, it goes to another page
> asking you to verify, if it's correct, it inserts it into a database.
> The page that asks you to verify holds the value of the textbox in a
> form field.  If the value the user entered in contains any single (') or
> double (") quotes, it will mess everything up.  Single quotes end up
having a
> backslash thrown automatically in front of it, and it inserts it into the
> database WITH THE backslash.  If there are double quotes, the HTML will
> messed up due to the fact that when it sees the quote, it will cut off the
> rest of the value because if:
> value="this is an example: "Hello how are you"." >
> everything after example: is going to get cut off.
> I tried putting the value in a query string, but when traveling across two
> pages, it seems to do the exact same thing.
> Any suggestions?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to