Couldn't you just use substr_replace and the html endcoding for a double
quote (") ?

 <?php echo "<input type=\"hidden\" name=\"name\" value=\"" .
substr_replace($name, '/"', "&#34;"). "\">";  ?>

----- Original Message -----
From: "Georgie Casey" <[EMAIL PROTECTED]>
Sent: Thursday, March 21, 2002 2:09 PM
Subject: [PHP] Temporary MySQL Tables

> Hi,
> On my site now, there's a lengthy register process where the user has to
> fill in 5 forms, one after the another. I get the PHP script to echo the
> values from the previous into the next form by using
> <?php echo "<input type=\"hidden\" name=\"name\" value=\"" . $name .
> ?>
> for example. Then I keep carrying the information over to each extra form
> until the user reaches the last page and I insert all the info into a
> called "tempmembers" with an extra timestamp field which I use to verify
> email addresses. The user gets an email saying click here to verify your
> membership with the username and timestamp in the URL. The users clicks
> and I run a SQL command that copies the row from "tempmembers" into the
> "members" table.
> This process worked well for a while until I discovered if users enter a
> single or double quote into any of the fields, it fecks everything up. So
> added an addslashes command but it's all getting a bit hairy so I was
> looking for some advice on MySQL temporary tables for either using after
> every form or at the end of all the forms.
> Or does anyone have any other method I could use??? Thanks for any help
> you might have.
> --
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to