RE: [PHP-DB] Fixed Quote Marks in Inputs
Although my case was targeted specifically at forms and inputs, your question depends on how your application would write to the text file. When an HTML entity is retrieved from the database and put into the VALUE of an INPUT box or put in between TEXTAREA tags, the HTML entity is left encoded in the source code, but it is translated into the quote mark character when the page is viewed. So if you were to fetch a database record, put its values on a form, and hit a submit button to save it to a text file immediately, the text file would contain the quote marks, not the HTML entities.

That's why I find this all very useful. I am able to convert the entity just before I insert data into the database. Once I retrieve it, in most cases the entity will be translated anyway by the browser.

Not sure if that's confusing, but that's the best way I can think of to explain it right now...

- Jonathan

-----Original Message-----
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 12:07 AM
To: Bogdan Stancescu; Jonathan Hilgeman
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs

I just read your thread and I have to say that I was intrigued both by the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan: If you store the ' and " as &#039; and &quot; what do you do if you need to show the data later on in a non HTML format (text file for example). Wouldn't you still need to convert back to ' and " before you show the text?

Sincerely

berber

Visit http://www.weberdev.com Today!!!
To see where PHP might take you tomorrow.

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Ok, seems like I misjudged you and I apologize for that. I haven't changed my opinion about the very issue we've been discussing - only wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.
RE: [PHP-DB] Fixed Quote Marks in Inputs
No! don't get them started again! my inbox won't take it any more.

-----Original Message-----
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: 05 January 2002 08:07
To: Bogdan Stancescu; Jonathan Hilgeman
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs

I just read your thread and I have to say that I was intrigued both by the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan: If you store the ' and " as &#039; and &quot; what do you do if you need to show the data later on in a non HTML format (text file for example). Wouldn't you still need to convert back to ' and " before you show the text?

Sincerely

berber

Visit http://www.weberdev.com Today!!!
To see where PHP might take you tomorrow.

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Ok, seems like I misjudged you and I apologize for that. I haven't changed my opinion about the very issue we've been discussing - only wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.
RE: [PHP-DB] Fixed Quote Marks in Inputs
I just read your thread and I have to say that I was intrigued both by the subject (which is interesting) and by the different views you show.

I just have one question for Jonathan: If you store the ' and " as &#039; and &quot; what do you do if you need to show the data later on in a non HTML format (text file for example). Wouldn't you still need to convert back to ' and " before you show the text?

Sincerely

berber

Visit http://www.weberdev.com Today!!!
To see where PHP might take you tomorrow.

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 05, 2002 1:44 AM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Ok, seems like I misjudged you and I apologize for that. I haven't changed my opinion about the very issue we've been discussing - only wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.
Re: [PHP-DB] Fixed Quote Marks in Inputs
** Reply to note from Bogdan Stancescu <[EMAIL PROTECTED]> Sat, 05 Jan 2002 05:39:46 +0200

>
> Bogdan Stancescu wrote:
>
> > Ok, finally found a valid argument! :-)
> >
> > What if the user enters "I'm aware that 2>3!"?
> >
> > Bogdan
>
> Tested it - it works. However, you'll have big problems if you'll ever need to
> echo the data. Consider this example:
>
> Enter description:
>
> The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
> this. You'll first use your algorithm to convert the ' into &#039;. You store
> the result in the database.
>
> Now you want to display this data. You retrieve "Edited by Bogdan's wife
> <[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
> that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
> because that would result in "Edited by Bogdan's wife
> <[EMAIL PROTECTED]>" which is not right.
>
> So there, that's why you should store the text as everybody else does. :-)

Don't forget phpMyAdmin and any other programs that you might want to access the database from. (Including the MySQL command line) they all expect normal text.

If you haven't looked at phpMyAdmin, you should.

Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com
Re: [PHP-DB] Fixed Quote Marks in Inputs
Bogdan Stancescu wrote:

> Ok, finally found a valid argument! :-)
>
> What if the user enters "I'm aware that 2>3!"?
>
> Bogdan

Tested it - it works. However, you'll have big problems if you'll ever need to echo the data. Consider this example:

Enter description:

The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store this. You'll first use your algorithm to convert the ' into &#039;. You store the result in the database.

Now you want to display this data. You retrieve "Edited by Bogdan's wife <[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either because that would result in "Edited by Bogdan's wife <[EMAIL PROTECTED]>" which is not right.

So there, that's why you should store the text as everybody else does. :-)

Bogdan
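An added example (not code from any poster in this thread) that runs the case from the message above through both approaches: entities written at store time by PrepareQuotes() versus raw text that is encoded only on output. It assumes PHP 7.4+ with the pdo_sqlite extension, an in-memory SQLite table standing in for MySQL, bound parameters in place of addslashes(), and a constructed input; the helper names forHtml(), inputTag() and fetchBody() are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed input modelled on the case in the message above
// (wife@example.com is a placeholder address).
$input = 'Edited by Bogdan\'s wife <wife@example.com>, "2>3"';

// Approach A: the thread's store-time replacement. The entity strings are an
// assumption; the archive shows them as literal quote characters.
function PrepareQuotes(string $var): string
{
    $var = str_replace("'", '&#039;', $var);
    return str_replace('"', '&quot;', $var);
}

// Approach B: store the text untouched and encode per destination on output.
function forHtml(string $raw): string
{
    // ENT_QUOTES covers both quote styles, so the result is usable in element
    // content and inside a quoted attribute value.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function inputTag(string $encodedValue): string
{
    return '<input type="text" name="description" value="' . $encodedValue . '">';
}

// In-memory SQLite stands in for MySQL. Bound parameters play the role that
// addslashes() played in the thread: they protect the statement, and the
// stored value is exactly the string that was passed in.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (strategy TEXT PRIMARY KEY, body TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO notes (strategy, body) VALUES (?, ?)');
$insert->execute(['entities', PrepareQuotes($input)]);
$insert->execute(['raw', $input]);

function fetchBody(PDO $db, string $strategy): string
{
    $stmt = $db->prepare('SELECT body FROM notes WHERE strategy = ?');
    $stmt->execute([$strategy]);
    return (string) $stmt->fetchColumn();
}

$entities = fetchBody($db, 'entities');
$raw      = fetchBody($db, 'raw');

// What each approach hands to each destination.
$outputs = [
    'A: stored / text file / command line' => $entities,
    'A: after htmlspecialchars()'          => forHtml($entities),
    'A: value attribute, no more encoding' => inputTag($entities),
    'B: stored / text file / command line' => $raw,
    'B: after forHtml()'                   => forHtml($raw),
    'B: value attribute'                   => inputTag(forHtml($raw)),
];

// Properties a reviewer would check for each approach.
$checks = [
    'A leaves < or > unencoded for HTML output' =>
        strpbrk($entities, '<>') !== false,
    'A is double-encoded by htmlspecialchars()' =>
        strpos(forHtml($entities), '&amp;#039;') !== false,
    'A puts entities into non-HTML consumers' =>
        strpos($entities, '&#039;') !== false,
    'B stores exactly what was typed' =>
        $raw === $input,
    'B has no markup characters left after forHtml()' =>
        strpbrk(forHtml($raw), '<>"\'') === false,
    'B decodes back to the typed text in the browser' =>
        html_entity_decode(forHtml($raw), ENT_QUOTES, 'UTF-8') === $input,
];

foreach ($outputs as $label => $value) {
    printf("%-38s %s\n", $label, $value);
}
echo PHP_EOL;
foreach ($checks as $label => $holds) {
    printf("%-50s %s\n", $label, $holds ? 'yes' : 'no');
}
```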
Re: [PHP-DB] Fixed Quote Marks in Inputs
Ok, finally found a valid argument! :-)

What if the user enters "I'm aware that 2>3!"?

Bogdan

Jonathan Hilgeman wrote:

> And I apologize if I came off as ultra-defensive/rude. I had a bad day, a
> bright idea, and then felt like someone was tearing it to pieces. This is
> like the PHP soap opera.
RE: [PHP-DB] Fixed Quote Marks in Inputs
And I apologize if I came off as ultra-defensive/rude. I had a bad day, a bright idea, and then felt like someone was tearing it to pieces. This is like the PHP soap opera.

- Jonathan

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 3:44 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Ok, seems like I misjudged you and I apologize for that. I haven't changed my opinion about the very issue we've been discussing - only wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.
Re: [PHP-DB] Fixed Quote Marks in Inputs
Ok, seems like I misjudged you and I apologize for that. I haven't changed my opinion about the very issue we've been discussing - only wanted to post the sentence above, just for the record.

Bogdan

Jonathan Hilgeman wrote:

> Apparently, the experienced way is to store them with slashes, which is what
> I've followed for years. I consider years of programming to be a fair amount
> of experience, thus qualifying me to be experienced. ANYHOW, after finally
> thinking a bit outside the box and with some valuable input from some
> co-workers, we came up with this function which is a much more efficient
> solution in this matter than the "experienced" way you proposed.
>
> My purpose in even posting this function was so that other people could
> avoid having to go through the same problems I faced when using the "proper"
> and apparently "experienced" method that I only used because I listened to
> programmers like you (mind you, I said LIKE you, not YOU) who believe in
> standard procedure in all cases without considering more efficient options.
RE: [PHP-DB] Fixed Quote Marks in Inputs
Apparently, the experienced way is to store them with slashes, which is what I've followed for years. I consider years of programming to be a fair amount of experience, thus qualifying me to be experienced. ANYHOW, after finally thinking a bit outside the box and with some valuable input from some co-workers, we came up with this function which is a much more efficient solution in this matter than the "experienced" way you proposed.

My purpose in even posting this function was so that other people could avoid having to go through the same problems I faced when using the "proper" and apparently "experienced" method that I only used because I listened to programmers like you (mind you, I said LIKE you, not YOU) who believe in standard procedure in all cases without considering more efficient options.

- Jonathan

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 3:11 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Ok, as I said before, you can store whatever you please in your database. However, please don't "speak as an experienced web programmer" when not longer than three hours ago you finally found a solution to store quoted text in a database.

Bogdan

Jonathan Hilgeman wrote:

> I realize that part - my whole point was that it didn't really matter how it
> was stored as long as it gets extracted/parsed correctly. With that in mind,
> instead of using 3 functions to store, extract, and parse the data, I can
> use one function to prepare the data to be stored in a format that can be
> extracted directly into a form-friendly format.
>
> Not to mention that HTML entities are still ASCII characters, and I do not
> foresee any problems with using the HTML entities in place of quote marks.
>
> To me, it makes the most sense. Quote marks are generally special characters
> used everywhere, and storing them as quote marks instead of the entities
> seems to be asking for trouble, in my opinion. I've stored values using
> slashes for the past few years, and that method has given so many
> problems... Speaking as an experienced web programmer, I believe this is a
> much more practical method for a lot of us.
Re: [PHP-DB] Fixed Quote Marks in Inputs
Ok, as I said before, you can store whatever you please in your database. However, please don't "speak as an experienced web programmer" when not longer than three hours ago you finally found a solution to store quoted text in a database.

Bogdan

Jonathan Hilgeman wrote:

> I realize that part - my whole point was that it didn't really matter how it
> was stored as long as it gets extracted/parsed correctly. With that in mind,
> instead of using 3 functions to store, extract, and parse the data, I can
> use one function to prepare the data to be stored in a format that can be
> extracted directly into a form-friendly format.
>
> Not to mention that HTML entities are still ASCII characters, and I do not
> foresee any problems with using the HTML entities in place of quote marks.
>
> To me, it makes the most sense. Quote marks are generally special characters
> used everywhere, and storing them as quote marks instead of the entities
> seems to be asking for trouble, in my opinion. I've stored values using
> slashes for the past few years, and that method has given so many
> problems... Speaking as an experienced web programmer, I believe this is a
> much more practical method for a lot of us.
RE: [PHP-DB] Fixed Quote Marks in Inputs
I realize that part - my whole point was that it didn't really matter how it was stored as long as it gets extracted/parsed correctly. With that in mind, instead of using 3 functions to store, extract, and parse the data, I can use one function to prepare the data to be stored in a format that can be extracted directly into a form-friendly format.

Not to mention that HTML entities are still ASCII characters, and I do not foresee any problems with using the HTML entities in place of quote marks.

To me, it makes the most sense. Quote marks are generally special characters used everywhere, and storing them as quote marks instead of the entities seems to be asking for trouble, in my opinion. I've stored values using slashes for the past few years, and that method has given so many problems... Speaking as an experienced web programmer, I believe this is a much more practical method for a lot of us.

- Jonathan

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:39 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Oh, one more thing - maybe you don't understand what the slashing is for: you don't store \" in the database -- the slash is there just so the MySQL statement is correct. MySQL knows about slashing and will replace your \" with " so what you store in the database is exactly what the user typed in the input box.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -----Original Message-----
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?
Re: [PHP-DB] Fixed Quote Marks in Inputs
Oh, one more thing - maybe you don't understand what the slashing is for: you don't store \" in the database -- the slash is there just so the MySQL statement is correct. MySQL knows about slashing and will replace your \" with " so what you store in the database is exactly what the user typed in the input box.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -----Original Message-----
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?
Re: [PHP-DB] Fixed Quote Marks in Inputs
It seems obvious to me that you can do whatever you please - I was just suggesting what seems to me as the proper way to do it. Why I say it's the proper way to do the job is because you never know about future development and storing the data in ASCII seems to me as the most convenient approach to avoid possible problems later on. But then again, this is my own opinion - you are free to implement whatever solution you find most suitable.

Bogdan

Jonathan Hilgeman wrote:

> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -----Original Message-----
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it --
> everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?
RE: [PHP-DB] Fixed Quote Marks in Inputs
How is it the \"proper\" way to do it and why does it have to remain the \"proper\" way of doing it? Simply because it retains the same character in the database? What good is that if the data will simply be extracted and unslashed at a later point anyway?

How the data is kept internally should not be an issue if it is only stored to be later extracted and parsed anyway. That's a partial reason we use timestamps instead of storing the full date everywhere. It's called proper representation.

And I think in cases where HTML forms are used in conjunction with databases, the HTML equivalents are a heck of a lot more proper than slashes, not to mention more efficient. The only downside I see is that instead of taking up 2 characters, it takes up 6, but since many fields we all use won't ever contain quotes, I see it as a more than reasonable trade-off.

I personally consider it a bad habit to use slashes unless you're dealing with regexes. And not everybody does it that way.

- Jonathan

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 1:41 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

That would be because this way you'll end up with the proper data in the database instead of HTML-encoded strings. Plus it's the proper way to do it -- everybody does it this way and it's a good habit.

Bogdan

Jonathan Hilgeman wrote:

> I thought I made it somewhat clear:
> > when I'm dealing with form inputs that can contain quote marks
>
> Why run 3 functions at separate times when you can run one once just before
> data is inserted into the database?
Re: [PHP-DB] Fixed Quote Marks in Inputs
That would be because this way you'll end up with the proper data in the database instead of HTML-encoded strings. Plus it's the proper way to do it -- everybody does it this way and it's a good habit.

Bogdan

Jonathan Hilgeman wrote:

> I thought I made it somewhat clear:
> > when I'm dealing with form inputs that can contain quote marks
>
> Why run 3 functions at separate times when you can run one once just before
> data is inserted into the database?
RE: [PHP-DB] Fixed Quote Marks in Inputs
I thought I made it somewhat clear:

> when I'm dealing with form inputs that can contain quote marks

Why run 3 functions at separate times when you can run one once just before data is inserted into the database?

- Jonathan

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 12:48 PM
To: Jonathan Hilgeman
Cc: 'Rick Emery'; '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs

Those are two different things. You never mentioned your HTML problem, that's why nobody addressed it. So, the proper way to do it is:

1. Insert into the database using addslashes();
2. Use stripslashes() after retrieving the data if you need to;
3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if you still have problems.

Bogdan

Jonathan Hilgeman wrote:

> I've tried those methods, but they cause problems when the values are loaded
> back into INPUTs for editing. For instance, even if the database-stored
> value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
> INPUT so it looks like:
>
>
>
> Or try double-quotes:
>
>
>
> You'll see what I mean.
>
> By using the HTML equivalents, the value can be loaded back into an input
> box flawlessly for easy updating, and it will display correctly when being
> pulled from the database for other usage.
>
> - Jonathan
>
> -----Original Message-----
> From: Rick Emery [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs
>
> Another option is to use PHP's addslashes() and stripslashes() functions.
> These will add/remove slashes in front of quotes to make them database
> friendly.
>
> -----Original Message-----
> From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Fixed Quote Marks in Inputs
>
> I finally came up with a reliable solution that I can use when I'm dealing
> with form inputs that can contain quote marks (single or double quotes). To
> store quote marks, you can str_replace them with their HTML code
> equivalents. For single quote marks, this is &#039;, and for double quote
> marks it's &quot;
>
> So before I insert any input into my database, I run my below function on
> all the data:
>
> // Replace quotes with their &#039; and &quot; equivalents
> function PrepareQuotes($Var)
> {
>     $Var = str_replace("'","&#039;",$Var);
>     $Var = str_replace('"',"&quot;",$Var);
>     return $Var;
> }
>
> Hope this helps someone else.
>
> - Jonathan
Re: [PHP-DB] Fixed Quote Marks in Inputs
Those are two different things. You never mentioned your HTML problem, that's why nobody addressed it. So, the proper way to do it is:

1. Insert into the database using addslashes();
2. Use stripslashes() after retrieving the data if you need to;
3. Use htmlspecialchars() for displaying the data in HTML or htmlentities() if you still have problems.

Bogdan

Jonathan Hilgeman wrote:

> I've tried those methods, but they cause problems when the values are loaded
> back into INPUTs for editing. For instance, even if the database-stored
> value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an
> INPUT so it looks like:
>
>
>
> Or try double-quotes:
>
>
>
> You'll see what I mean.
>
> By using the HTML equivalents, the value can be loaded back into an input
> box flawlessly for easy updating, and it will display correctly when being
> pulled from the database for other usage.
>
> - Jonathan
>
> -----Original Message-----
> From: Rick Emery [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs
>
> Another option is to use PHP's addslashes() and stripslashes() functions.
> These will add/remove slashes in front of quotes to make them database
> friendly.
>
> -----Original Message-----
> From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Fixed Quote Marks in Inputs
>
> I finally came up with a reliable solution that I can use when I'm dealing
> with form inputs that can contain quote marks (single or double quotes). To
> store quote marks, you can str_replace them with their HTML code
> equivalents. For single quote marks, this is &#39;, and for double quote
> marks it's &quot;
>
> So before I insert any input into my database, I run my below function on
> all the data:
>
> // Replace quotes with their &#39; and &quot; equivalents
> function PrepareQuotes($Var)
> {
>     $Var = str_replace("'","&#39;",$Var);
>     $Var = str_replace('"',"&quot;",$Var);
>     return $Var;
> }
>
> Hope this helps someone else.
>
> - Jonathan
RE: [PHP-DB] Fixed Quote Marks in Inputs
I've tried those methods, but they cause problems when the values are loaded back into INPUTs for editing. For instance, even if the database-stored value is Mark\'s Pet Named \"Flea Muffin\", try loading that value into an INPUT so it looks like:

Or try double-quotes:

You'll see what I mean.

By using the HTML equivalents, the value can be loaded back into an input box flawlessly for easy updating, and it will display correctly when being pulled from the database for other usage.

- Jonathan

-----Original Message-----
From: Rick Emery [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 12:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Fixed Quote Marks in Inputs

Another option is to use PHP's addslashes() and stripslashes() functions. These will add/remove slashes in front of quotes to make them database friendly.

-----Original Message-----
From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Fixed Quote Marks in Inputs

I finally came up with a reliable solution that I can use when I'm dealing with form inputs that can contain quote marks (single or double quotes). To store quote marks, you can str_replace them with their HTML code equivalents. For single quote marks, this is &#39;, and for double quote marks it's &quot;

So before I insert any input into my database, I run my below function on all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan
RE: [PHP-DB] Fixed Quote Marks in Inputs
Another option is to use PHP's addslashes() and stripslashes() functions. These will add/remove slashes in front of quotes to make them database friendly.

-----Original Message-----
From: Jonathan Hilgeman [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Fixed Quote Marks in Inputs

I finally came up with a reliable solution that I can use when I'm dealing with form inputs that can contain quote marks (single or double quotes). To store quote marks, you can str_replace them with their HTML code equivalents. For single quote marks, this is &#39;, and for double quote marks it's &quot;

So before I insert any input into my database, I run my below function on all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan
[PHP-DB] Fixed Quote Marks in Inputs
I finally came up with a reliable solution that I can use when I'm dealing with form inputs that can contain quote marks (single or double quotes). To store quote marks, you can str_replace them with their HTML code equivalents. For single quote marks, this is &#39;, and for double quote marks it's &quot;

So before I insert any input into my database, I run my below function on all the data:

// Replace quotes with their &#39; and &quot; equivalents
function PrepareQuotes($Var)
{
    $Var = str_replace("'","&#39;",$Var);
    $Var = str_replace('"',"&quot;",$Var);
    return $Var;
}

Hope this helps someone else.

- Jonathan
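
The two approaches debated in this thread, side by side, as an added example that is not code from any poster: one row is stored raw and encoded only when written into HTML, the other is stored after PrepareQuotes(), and both are then written to an edit form and to a plain-text export. Assumptions: the pdo_sqlite extension is available, bound parameters stand in for the addslashes() step, the entities in PrepareQuotes() are taken to be &#39; and &quot;, and the h() helper, the pets table and the sample value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// The thread's function, with the entities assumed to be &#39; and &quot;.
function PrepareQuotes(string $var): string
{
    return str_replace(["'", '"'], ['&#39;', '&quot;'], $var);
}

// Hypothetical helper: encode for HTML text and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form input containing both quote types plus markup characters.
$raw = 'Mark\'s Pet Named "Flea Muffin" <b>& co</b>';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pets (id INTEGER PRIMARY KEY, name TEXT)');

// Bound parameters keep the value out of the SQL text, so no slashes are
// added on insert and none need stripping on retrieval.
$ins = $db->prepare('INSERT INTO pets (name) VALUES (:name)');
$ins->execute([':name' => $raw]);                // row 1: stored raw
$ins->execute([':name' => PrepareQuotes($raw)]); // row 2: entities stored

$rows = $db->query('SELECT id, name FROM pets ORDER BY id')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

// Edit form from the raw row: encoding at output time works for either
// attribute quoting style and also covers <, > and &.
printf("<input type=\"text\" name=\"name\" value=\"%s\">\n", h($rows[1]));
printf("<input type='text' name='name' value='%s'>\n", h($rows[1]));

// Edit form from the entity row, echoed as stored: the quotes are safe,
// but <, > and & reach the page unencoded.
printf("<input type=\"text\" name=\"name\" value=\"%s\">\n", $rows[2]);

// Plain-text export: the raw row is correct, the entity row leaks entities.
echo "text export, raw row:    {$rows[1]}\n";
echo "text export, entity row: {$rows[2]}\n";

// ENT_COMPAT (the default before PHP 8.1) leaves the single quote
// unencoded, which is why single-quoted attributes need ENT_QUOTES.
echo htmlspecialchars("Mark's", ENT_COMPAT), "\n";
```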