RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-07 Thread Jonathan Hilgeman

Although my case was targeted specifically at forms and inputs, your
question depends on how your application would write to the text file. 

When an HTML entity is retrieved from the database and put into the VALUE of
an INPUT box or put in between TEXTAREA tags, the HTML entity is left encoded
in the source code, but it is translated into the quote mark character when
the page is viewed. 

So if you were to fetch a database record, put its values on a form, and hit
a submit button to save it to a text file immediately, the text file would
contain the quote marks, not the HTML entities. That's why I find this all
very useful. I am able to convert the entity just before I insert data into
the database. Once I retrieve it, in most cases the entity will be
translated anyway by the browser. Not sure if that's confusing, but that's
the best way I can think of to explain it right now...

- Jonathan

-Original Message-
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 12:07 AM
To: Bogdan Stancescu; Jonathan Hilgeman
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs


I just read your thread and I have to say that I was intrigued both by
the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan :

If you store the ' and " as ' and " what do you do if you need
to show the data later on in a non HTML format (text file for example).
Wouldn't you still need to convert back to ' and " before you show the
text?

Sincerely

  berber

Visit http://www.weberdev.com Today!!! 
To see where PHP might take you tomorrow.


-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Ok, seems like I misjudged you and I apologize for that.

I haven't changed my opinion about the very issue we've been discussing - only
wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]





RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-07 Thread matt stewart

No! don't get them started again! my inbox won't take it
any more.

-Original Message-
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: 05 January 2002 08:07
To: Bogdan Stancescu; Jonathan Hilgeman
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs


I just read your thread and I have to say that I was intrigued both by
the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan :

If you store the ' and " as ' and " what do you do if you need
to show the data later on in a non HTML format (text file for example).
Wouldn't you still need to convert back to ' and " before you show the
text?

Sincerely

  berber

Visit http://www.weberdev.com Today!!! 
To see where PHP might take you tomorrow.


-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Ok, seems like I misjudged you and I apologize for that.

I haven't changed my opinion about the very issue we've been discussing - only
wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.






RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-05 Thread Boaz Yahav

I just read your thread and I have to say that I was intrigued both by
the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan :

If you store the ' and " as ' and " what do you do if you need
to show the data later on in a non HTML format (text file for example).
Wouldn't you still need to convert back to ' and " before you show the
text?

Sincerely

  berber

Visit http://www.weberdev.com Today!!! 
To see where PHP might take you tomorrow.


-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Ok, seems like I misjudged you and I apologize for that.

I haven't changed my opinion about the very issue we've been discussing - only
wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.






Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread php3

** Reply to note from Bogdan Stancescu <[EMAIL PROTECTED]> Sat, 05 Jan 2002 05:39:46 +0200
>
> Bogdan Stancescu wrote:
>
> > Ok, finally found a valid argument! :-)
> >
> > What if the user enters "I'm aware that 2>3!"?
> >
> > Bogdan
>
> Tested it - it works. However, you'll have big problems if you'll ever need to
> echo the data. Consider this example:
>
> Enter description: 
>
> The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
> this. You'll first use your algorithm to convert the ' into '. You store
> the result in the database.
>
> Now you want to display this data. You retrieve "Edited by Bogdan's wife
> <[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
> that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
> because that would result in "Edited by Bogdan's wife
> <[EMAIL PROTECTED]>" which is not right.
>
> So there, that's why you should store the text as everybody else does. :-)

Don't forget phpMyAdmin and any other programs that you might want to
access the database from. (Including the MySQL command line) they all
expect normal text.


If you haven't looked at phpMyAdmin, you should.




Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com





Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Bogdan Stancescu wrote:

> Ok, finally found a valid argument! :-)
>
> What if the user enters "I'm aware that 2>3!"?
>
> Bogdan

Tested it - it works. However, you'll have big problems if you'll ever need to
echo the data. Consider this example:

Enter description: 

The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
this. You'll first use your algorithm to convert the ' into '. You store
the result in the database.

Now you want to display this data. You retrieve "Edited by Bogdan's wife
<[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
because that would result in "Edited by Bogdan's wife
<[EMAIL PROTECTED]>" which is not right.

So there, that's why you should store the text as everybody else does. :-)

Bogdan
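
The display problem this message describes, as an added example that is not part of the original thread: the same constructed input is stored once through the thread's PrepareQuotes() approach and once as typed, then written out for HTML and for a text file. The entity strings inside PrepareQuotes(), the `notes` table, the sample text and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not code from the thread. The sample text, the "notes" table
// and the in-memory SQLite database (standing in for MySQL) are constructed.

// Approach from the thread: turn quote marks into HTML entities before storage.
// The two entity strings are an assumption; the archived posts no longer show them.
function PrepareQuotes(string $var): string
{
    $var = str_replace("'", '&#039;', $var);
    return str_replace('"', '&quot;', $var);
}

// Alternative: keep the stored text as typed and encode when writing HTML.
// ENT_QUOTES encodes both quote marks, so the result fits inside VALUE="...".
function forHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function demo(): array
{
    $typed = 'Edited by Bogdan\'s wife <wife@example.test>, aware that 2>3';

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE notes (style TEXT PRIMARY KEY, body TEXT)');

    // Bound parameters carry the value into the statement unchanged, which is
    // the job addslashes() does in the thread: nothing extra ends up stored.
    $insert = $db->prepare('INSERT INTO notes (style, body) VALUES (?, ?)');
    $insert->execute(['entities', PrepareQuotes($typed)]);
    $insert->execute(['as_typed', $typed]);

    $stored = $db->query('SELECT style, body FROM notes')
                 ->fetchAll(PDO::FETCH_KEY_PAIR);

    // A user who literally types an entity shows why decoding on export is lossy.
    $literal = 'Write &quot; to get a quote mark';

    return [
        // Stored with entities, echoed as-is: the quote is fine, but "<" and ">"
        // are still raw, so the address is parsed as a tag and user-supplied
        // markup reaches the page unencoded.
        'entities, echoed'      => $stored['entities'],
        // Stored with entities, then htmlspecialchars(): "&" is encoded again
        // and the reader sees the entity text instead of a quote mark.
        'entities, encoded'     => forHtml($stored['entities']),
        // Stored as typed, encoded at output: correct in text and in VALUE="".
        'as typed, encoded'     => forHtml($stored['as_typed']),
        'as typed, input field' => '<input name="d" value="' . forHtml($stored['as_typed']) . '">',
        // Plain-text export: the as-typed row needs no conversion at all.
        'as typed, text file'   => $stored['as_typed'],
        'round trip intact'     => var_export($stored['as_typed'] === $typed, true),
        // Decoding the entity row for export also rewrites entities the user typed.
        'literal after decode'  => html_entity_decode(PrepareQuotes($literal), ENT_QUOTES, 'UTF-8'),
    ];
}

foreach (demo() as $label => $value) {
    echo str_pad($label, 24), $value, PHP_EOL;
}
```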







Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Ok, finally found a valid argument! :-)

What if the user enters "I'm aware that 2>3!"?

Bogdan

Jonathan Hilgeman wrote:

> And I apologize if I came off as ultra-defensive/rude. I had a bad day, a
> bright idea, and then felt like someone was tearing it to pieces. This is
> like the PHP soap opera.






RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

And I apologize if I came off as ultra-defensive/rude. I had a bad day, a
bright idea, and then felt like someone was tearing it to pieces. This is
like the PHP soap opera.

- Jonathan

-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 3:44 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Ok, seems like I misjudged you and I apologize for that.

I haven't changed my opinion about the very issue we've been discussing - only
wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.





Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Ok, seems like I misjudged you and I apologize for that.

I haven't changed my opinion about the very issue we've been discussing - only
wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.







RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

Apparently, the experienced way is to store them with slashes, which is what
I've followed for years. I consider years of programming to be a fair amount
of experience, thus qualifying me to be experienced. ANYHOW, after finally
thinking a bit outside the box and with some valuable input from some
co-workers, we came up with this function which is a much more efficient
solution in this matter than the "experienced" way you proposed. 

My purpose in even posting this function was so that other people could
avoid having to go through the same problems I faced when using the "proper"
and apparently "experienced" method that I only used because I listened to
programmers like you (mind you, I said LIKE you, not YOU) who believe in
standard procedure in all cases without considering more efficient options. 

- Jonathan

-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 3:11 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Ok, as I said before, you can store whatever you please in your database.
However, please don't "speak as an experienced web programmer" when not longer
than three hours ago you finally found a solution to store quoted text in a
database.

Bogdan

Jonathan Hilgeman wrote:

> I realize that part - my whole point was that it didn't really matter how it
> was stored as long as it gets extracted/parsed correctly. With that in mind,
> instead of using 3 functions to store, extract, and parse the data, I can
> use one function to prepare the data to be stored in a format that can be
> extracted directly into a form-friendly format.
>
> Not to mention that HTML entities are still ASCII characters, and I do not
> foresee any problems with using the HTML entities in place of quote marks.
>
> To me, it makes the most sense. Quote marks are generally special characters
> used everywhere, and storing them as quote marks instead of the entities
> seems to be asking for trouble, in my opinion. I've stored values using
> slashes for the past few years, and that method has given so many
> problems... Speaking as an experienced web programmer, I believe this is a
> much more practical method for a lot of us.





Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Ok, as I said before, you can store whatever you please in your database.
However, please don't "speak as an experienced web programmer" when not longer
than three hours ago you finally found a solution to store quoted text in a
database.

Bogdan

Jonathan Hilgeman wrote:

> I realize that part - my whole point was that it didn't really matter how it
> was stored as long as it gets extracted/parsed correctly. With that in mind,
> instead of using 3 functions to store, extract, and parse the data, I can
> use one function to prepare the data to be stored in a format that can be
> extracted directly into a form-friendly format.
>
> Not to mention that HTML entities are still ASCII characters, and I do not
> foresee any problems with using the HTML entities in place of quote marks.
>
> To me, it makes the most sense. Quote marks are generally special characters
> used everywhere, and storing them as quote marks instead of the entities
> seems to be asking for trouble, in my opinion. I've stored values using
> slashes for the past few years, and that method has given so many
> problems... Speaking as an experienced web programmer, I believe this is a
> much more practical method for a lot of us.






RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

I realize that part - my whole point was that it didn't really matter how it
was stored as long as it gets extracted/parsed correctly. With that in mind,
instead of using 3 functions to store, extract, and parse the data, I can
use one function to prepare the data to be stored in a format that can be
extracted directly into a form-friendly format.

Not to mention that HTML entities are still ASCII characters, and I do not
foresee any problems with using the HTML entities in place of quote marks. 

To me, it makes the most sense. Quote marks are generally special characters
used everywhere, and storing them as quote marks instead of the entities
seems to be asking for trouble, in my opinion. I've stored values using
slashes for the past few years, and that method has given so many
problems... Speaking as an experienced web programmer, I believe this is a
much more practical method for a lot of us. 

- Jonathan

-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:39 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Oh, one more thing - maybe you don't understand what the slashing is for: you
don't store \" in the database -- the slash is there just so the MySQL
statement is correct. MySQL knows about slashing and will replace your \" with
" so what you store in the database is exactly what the user typed in the input
box.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -Original Message-
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?




Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Oh, one more thing - maybe you don't understand what the slashing is for: you
don't store \" in the database -- the slash is there just so the MySQL
statement is correct. MySQL knows about slashing and will replace your \" with
" so what you store in the database is exactly what the user typed in the input
box.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -Original Message-
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?




Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

It seems obvious to me that you can do whatever you please - I was just
suggesting what seems to me as the proper way to do it.

Why I say it's the proper way to do the job is because you never know about
future development and storing the data in ASCII seems to me as the most
convenient approach to avoid possible problems later on. But then again, this
is my own opinion - you are free to implement whatever solution you find most
suitable.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -Original Message-
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?




RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

How is it the \"proper\" way to do it and why does it have to remain the
\"proper\" way of doing it? Simply because it retains the same character in
the database? What good is that if the data will simply be extracted and
unslashed at a later point anyway?

How the data is kept internally should not be an issue if it is only stored
to be later extracted and parsed anyway. That's a partial reason we use
timestamps instead of storing the full date everywhere. It's called proper
representation.

And I think in cases where HTML forms are used in conjunction with
databases, the HTML equivalents are a heck of a lot more proper than
slashes, not to mention more efficient. The only downside I see is that
instead of taking up 2 characters, it takes up 6, but since many fields we
all use won't ever contain quotes, I see it as a more than reasonable
trade-off. 

I personally consider it a bad habit to use slashes unless you're dealing
with regexes. And not everybody does it that way.

- Jonathan

-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 1:41 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


That would be because this way you'll end up with the proper data in the
database instead of HTML-encoded strings. Plus it's the proper way to do it --
everybody does it this way and it's a good habit.

Bogdan

Jonathan Hilgeman wrote:

> I thought I made it somewhat clear:
> > when I'm dealing with form inputs that can contain quote marks
>
> Why run 3 functions at separate times when you can run one once just before
> data is inserted into the database?





Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

That would be because this way you'll end up with the proper data in the
database instead of HTML-encoded strings. Plus it's the proper way to do it --
everybody does it this way and it's a good habit.

Bogdan

Jonathan Hilgeman wrote:

> I thought I made it somewhat clear:
> > when I'm dealing with form inputs that can contain quote marks
>
> Why run 3 functions at separate times when you can run one once just before
> data is inserted into the database?






RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

I thought I made it somewhat clear:
> when I'm dealing with form inputs that can contain quote marks

Why run 3 functions at separate times when you can run one once just before
data is inserted into the database?

- Jonathan

-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 12:48 PM
To: Jonathan Hilgeman
Cc: 'Rick Emery'; '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs


Those are two different things. You never mentioned your HTML problem, that's
why nobody addressed it.

So, the proper way to do it is:
1. Insert into the database using addslashes();
2. Use stripslashes() after retrieving the data if you need to;
3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if
you still have problems.

Bogdan

Jonathan Hilgeman wrote:

> I've tried those methods, but they cause problems when the values are loaded
> back into INPUTs for editing. For instance, even if the database-stored
> value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
> INPUT so it looks like:
>
> 
>
> Or try double-quotes:
>
> 
>
> You'll see what I mean.
>
> By using the HTML equivalents, the value can be loaded back into an input
> box flawlessly for easy updating, and it will display correctly when being
> pulled from the database for other usage.
>
> - Jonathan
>
> -Original Message-
> From: Rick Emery [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs
>
> Another option is to use PHP's addslashes() and stripslashes() functions.
> These will add/remove slashes in front of quotes to make them database
> friendly.
>
> -Original Message-----
> From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Fixed Quote Marks in Inputs
>
> I finally came up with a reliable solution that I can use when I'm dealing
> with form inputs that can contain quote marks (single or double quotes). To
> store quote marks, you can str_replace them with their HTML code
> equivalents. For single quote marks, this is &#39;, and for double quote
> marks it's &quot;
>
> So before I insert any input into my database, I run my below function on
> all the data:
>
> // Replace quotes with their &#39; and &quot; equivalents
> function PrepareQuotes($Var)
> {
>     $Var = str_replace("'","&#39;",$Var);
>     $Var = str_replace('"',"&quot;",$Var);
>     return $Var;
> }
>
> Hope this helps someone else.
>
> - Jonathan




Re: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Bogdan Stancescu

Those are two different things. You never mentioned your HTML problem, that's
why nobody addressed it.

So, the proper way to do it is:
1. Insert into the database using addslashes();
2. Use stripslashes() after retrieving the data if you need to;
3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if
you still have problems.

Bogdan

Jonathan Hilgeman wrote:

> I've tried those methods, but they cause problems when the values are loaded
> back into INPUTs for editing. For instance, even if the database-stored
> value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
> INPUT so it looks like:
>
> 
>
> Or try double-quotes:
>
> 
>
> You'll see what I mean.
>
> By using the HTML equivalents, the value can be loaded back into an input
> box flawlessly for easy updating, and it will display correctly when being
> pulled from the database for other usage.
>
> - Jonathan
>
> -Original Message-
> From: Rick Emery [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs
>
> Another option is to use PHP's addslashes() and stripslashes() functions.
> These will add/remove slashes in front of quotes to make them database
> friendly.
>
> -Original Message-
> From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Fixed Quote Marks in Inputs
>
> I finally came up with a reliable solution that I can use when I'm dealing
> with form inputs that can contain quote marks (single or double quotes). To
> store quote marks, you can str_replace them with their HTML code
> equivalents. For single quote marks, this is &#39;, and for double quote
> marks it's &quot;
>
> So before I insert any input into my database, I run my below function on
> all the data:
>
> // Replace quotes with their &#39; and &quot; equivalents
> function PrepareQuotes($Var)
> {
>     $Var = str_replace("'","&#39;",$Var);
>     $Var = str_replace('"',"&quot;",$Var);
>     return $Var;
> }
>
> Hope this helps someone else.
>
> - Jonathan
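The three steps listed in the message above (store the original characters, retrieve them unchanged, encode only when writing HTML), as an added example that is not part of the original thread. It assumes PHP 7 or later with the pdo_sqlite extension, uses a bound parameter in place of addslashes(), and the table, column and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite.
// Table, column and function names are hypothetical.

// Constructed sample input: both quote types plus other HTML-special characters.
$raw = 'Mark\'s Pet Named "Flea Muffin" <age 3> & friends';

// Step 1 (storage): keep the original characters in the database. A bound
// parameter stands in for addslashes(); the driver handles SQL quoting.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pets (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO pets (name) VALUES (?)')->execute([$raw]);

// Step 2 (retrieval): the value comes back unchanged, so nothing to strip.
$stored = $db->query('SELECT name FROM pets WHERE id = 1')->fetchColumn();

// Step 3 (HTML output): encode at the moment the value enters markup.
// ENT_QUOTES covers ' as well as ", so either attribute delimiter is safe,
// and <, > and & are encoded too, which a quote-only replacement leaves alone.
function inputField(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $n . '" value="' . $v . '">';
}

// Non-HTML output (the text-file case raised in the thread): no decoding step.
function textLine(string $value): string
{
    return $value . "\n";
}

// Simulates what a browser submits after showing the field: entities in the
// attribute are decoded, so an edit form round-trips the original string.
function browserSubmits(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$field = inputField('pet_name', $stored);
echo $field, "\n";                          // markup with the value encoded
echo textLine($stored);                     // plain text with the original quotes
var_dump($stored === $raw);                 // did storage keep the original text?
var_dump(browserSubmits($field) === $raw);  // does the edit form round-trip it?
```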




RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

I've tried those methods, but they cause problems when the values are loaded
back into INPUTs for editing. For instance, even if the database-stored
value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
INPUT so it looks like:



Or try double-quotes:



You'll see what I mean.

By using the HTML equivalents, the value can be loaded back into an input
box flawlessly for easy updating, and it will display correctly when being
pulled from the database for other usage.

- Jonathan

-Original Message-
From: Rick Emery [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 12:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs


Another option is to use PHP's addslashes() and stripslashes() functions.
These will add/remove slashes in front of quotes to make them database
friendly.

-Original Message-
From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Fixed Quote Marks in Inputs


I finally came up with a reliable solution that I can use when I'm dealing
with form inputs that can contain quote marks (single or double quotes). To
store quote marks, you can str_replace them with their HTML code
equivalents. For single quote marks, this is &#39;, and for double quote
marks it's &quot;

So before I insert any input into my database, I run my below function on
all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan





RE: [PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Rick Emery

Another option is to use PHP's addslashes() and stripslashes() functions.
These will add/remove slashes in front of quotes to make them database
friendly.

-Original Message-
From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Fixed Quote Marks in Inputs


I finally came up with a reliable solution that I can use when I'm dealing
with form inputs that can contain quote marks (single or double quotes). To
store quote marks, you can str_replace them with their HTML code
equivalents. For single quote marks, this is &#39;, and for double quote
marks it's &quot;

So before I insert any input into my database, I run my below function on
all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan





[PHP-DB] Fixed Quote Marks in Inputs

2002-01-04 Thread Jonathan Hilgeman

I finally came up with a reliable solution that I can use when I'm dealing
with form inputs that can contain quote marks (single or double quotes). To
store quote marks, you can str_replace them with their HTML code
equivalents. For single quote marks, this is &#39;, and for double quote
marks it's &quot;

So before I insert any input into my database, I run my below function on
all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan
