Re: [PHP] Displaying data from a MySLQ table

2006-06-30 Thread Stut

Don wrote:

> Hi, I have a varchar field in a MySQL database which contains the
> following
>
> 905.362.6000"ls'L'
>
> I am trying to display it on my web page in an INPUT=TEXT field but all I
> see is:
>
> 905.362.6000
>
> I am wondering why the trailing characters do not display even though they
> are present in the database when I check using PhpMyAdmin.  Please help.


You need to run the value through htmlentities 
(http://php.net/htmlentities).



> This email and any files transmitted with it are strictly confidential and
> may be privileged information. It is intended solely for the individual or
> company to whom it is addressed and may not be copied, forwarded,
> transmitted or otherwise distributed in any manner or form to any other
> party. If you are not the intended recipient or the person responsible for
> delivering this e-mail to the intended recipient, please indicate so and
> return this email to the sender, after which, kindly delete it from your
> computer as well as your email server. Without limitation, LCL Navigation
> accepts no liability whatsoever and howsoever caused in connection with the
> use of this email.


And this email is strictly confidential and may be privileged 
information. In fact you will break the law if you read it. When you 
hear the sirens please don't run. If you do run we'll still get you but 
we'll be mighty pissed off when we do. And you never want to piss us 
off. You have been warned.


Have a nice day ;)

-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Displaying data from a MySLQ table

2006-06-30 Thread John Nichel

Don wrote:

> Hi, I have a varchar field in a MySQL database which contains the
> following
>
> 905.362.6000"ls'L'
>
> I am trying to display it on my web page in an INPUT=TEXT field but all I
> see is:
>
> 905.362.6000


Because it has quotes in it.  I bet if you look at the source of the 
page, the full value is there.  If your form field looks like this...


<input type="text" name="foo" value="$value" />

It's going to output like this

<input type="text" name="foo" value="905.362.6000"ls'L'" />
-------------------------------------------------^

So when the browser sees the first double quote in your value, it 
assumes that you're closing off the attribute.


Try running the value thru htmlentities()


> I am wondering why the trailing characters do not display even though they
> are present in the database when I check using PhpMyAdmin.  Please help.
> Thanks in advance
>
> My code snippet is as follows:
>
> <tr>
>   <td><font color="#FF"><b>Phone</b></font></td>
>   <td><input type="text" name="phone" value="<?PHP echo query_database($db_account->Phone); ?>" size="25"></td>
> </tr>
>
> The query_database() function is my own and looks as follows:
> // smart function for querying a MySQL database
> function query_database($value)
> {
>    // Stripslashes
>    if (get_magic_quotes_gpc()) {
>        $value = stripslashes($value);
>    }
>    // Quote if not a number or a numeric string
>    if (!is_numeric($value)) {
>        $value = mysql_real_escape_string($value);
>    }
>    return $value;
> }




Why are you running mysql_real_escape_string() after selecting data?

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]




RE: [PHP] Displaying data from a MySLQ table

2006-06-30 Thread Don
Ok, better but still not displaying properly.
Here is what my database field has:

import.csv'/\

Here is what is displaying:

import.csv'/\ size=40 maxlength=40 onkeypress=return noenter()

It's choking on the double quote in the database field. Here is the code
snippet from my form:

<input type="text" name="email" value="<?php echo display_database($db_accounting->Email); ?>" size="50"></td>

function display_database($value)
{
   $value = htmlentities($value,ENT_COMPAT);
   if (!get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   return $value;
}

-Original Message-
From: Stut [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 30, 2006 3:49 PM
To: Don
Cc: php list
Subject: Re: [PHP] Displaying data from a MySLQ table

Don wrote:
> Hi, I have a varchar field in a MySQL database which contains the
> following
>
> 905.362.6000"ls'L'
>
> I am trying to display it on my web page in an INPUT=TEXT field but
> all I see is:
>
> 905.362.6000
>
> I am wondering why the trailing characters do not display even though
> they are present in the database when I check using PhpMyAdmin.  Please
> help.

You need to run the value through htmlentities
(http://php.net/htmlentities).




Re: [PHP] Displaying data from a MySLQ table

2006-06-30 Thread Richard Lynch
On Fri, June 30, 2006 1:39 pm, Don wrote:

> 905.362.6000"ls'L'

>   <td><input type="text" name="phone" value="<?PHP echo
> query_database($db_account->Phone); ?>" size="25"></td>

So you end up with this:

value="905.362.6000"1s'L'"
                   ^
And, in HTML, this | marks the end of the string.

You know how you do mysql_real_escape_string to put data in a database?
In the same way, you need http://php.net/htmlentities to put data into
HTML.

In fact, if you think about it, almost every time you put data from
point A to point B, you need to escape it for that specific usage.

data -> MySQL : mysql_real_escape_string
data -> HTML  : htmlentities
data -> URL   : urlencode

You can frequently get away with not doing the escape only because
the data doesn't happen, by mere chance, to have any 'bad' characters
in it.

That doesn't make your code correct.  It just happens to sort of work.

-- 
Like Music?
http://l-i-e.com/artists.htm
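
The escape-per-destination rule from the message above, as an added example that is not code from the thread: one raw value is stored through a bound parameter, rendered into an HTML attribute with and without htmlentities(), and read back with DOMDocument to show which value an HTML parser ends up with. The sample value, the in-memory SQLite database (needs the pdo_sqlite and dom extensions) and the helper names input_tag() and parsed_value() are assumptions; a PDO parameter stands in for mysql_real_escape_string, which was removed in PHP 7.0.

```php
<?php
// Added example: escape one raw value for each destination it is sent to.
// $raw is a constructed sample modelled on the thread's phone field.
$raw = "905.362.6000\"ls'L'";

// data -> SQL: bind the value as a parameter so the stored bytes equal $raw.
// (In-memory SQLite via PDO is an assumption to keep this runnable offline.)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (phone TEXT)');
$db->prepare('INSERT INTO account (phone) VALUES (?)')->execute([$raw]);
$stored = $db->query('SELECT phone FROM account')->fetchColumn();

// data -> HTML attribute: encode on output only, never before storing.
// $name is a trusted literal here; only $value comes from the database.
function input_tag(string $name, string $value, bool $escape): string
{
    if ($escape) {
        $value = htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Read the tag back the way an HTML parser would, to see the value it holds.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$unsafe = input_tag('phone', $stored, false);
$safe   = input_tag('phone', $stored, true);

printf("stored == raw : %s\n", var_export($stored === $raw, true));
printf("unescaped tag : %s\n", $unsafe);
printf("  parser sees : %s\n", parsed_value($unsafe));
printf("escaped tag   : %s\n", $safe);
printf("  parser sees : %s\n", parsed_value($safe));

// data -> URL: a third destination with its own encoder.
printf("query string  : ?phone=%s\n", urlencode($stored));
```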




RE: [PHP] Displaying data from a MySLQ table

2006-06-30 Thread Richard Lynch


The fact that you are calling stripslashes tells me that one of two
things has occurred.

#1.
You escaped data coming into the DB *twice*, which often happens with
Magic Quotes GPC + (addslashes || mysql_real_escape_string) used
together.
Your data is corrupt, and until you fix that, you'll just have
nightmares.

#2.
You just don't understand the purpose of escaping data to go into MySQL.

The purpose of the escaping is not to STORE the data with extra slashes.

The purpose is to add extra slashes so that MySQL parser/reader can
eat them and end up with the correct raw data you had before you
escaped it.




RIGHT WAY
Raw Data    Escaped Data      What MySQL puts on hard drive
can't       can\'t            can't

WRONG WAY
Raw Data    Doubly-escaped    What MySQL puts on hard drive
can't       can\\\'t          can\'t

If you're getting can\'t out of MySQL with mysql_fetch_row, then you
are in situation #1.

If you don't but you are calling stripslashes() anyway, you are in
situation #2

On Fri, June 30, 2006 3:14 pm, Don wrote:
> Ok, better but still not displaying properly.
> Here is what my database field has:
>
> import.csv'/\
>
> Here is what is displaying:
>
> import.csv'/\ size=40 maxlength=40 onkeypress=return noenter()
>
> It's choking on the double quote in the database field. Here is the
> code snippet from my form:
>
> <input type="text" name="email" value="<?php echo display_database($db_accounting->Email); ?>" size="50"></td>
>
> function display_database($value)
> {
>    $value = htmlentities($value,ENT_COMPAT);
>    if (!get_magic_quotes_gpc()) {
>        $value = stripslashes($value);
>    }
>    return $value;
> }





-- 
Like Music?
http://l-i-e.com/artists.htm
