Re: [PHP] StripSlashes Problem
I use the following php code to build a dynamic table retrieving values from a MySQL databases that have been inserted with slashes added - echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.StripSlashes(mysql_result($badgedetails, $i, 'descr')).' tabindex='1'//td; The problem is, if the value to be displayed is for example O'Neill, then the output will look something like - td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='O'Neill' tabindex='1'//td Quite correctly, when this page is rendered, all that will be displayed is O as the apostrophe after the O will be treated as a closing parenthesis. I understand AddSlashes and StripSlashes but how can I utilise them to resolve this issue. HTML doesn't understand that a slash means to escape a character. What you need to do is use htmlentities() or htmlspecialchars() on the data before you place it between your quotes. echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.htmlentities(mysql_result($badgedetails, $i, 'descr')).' tabindex='1'//td; Note: You should not have to be doing stripslashes() on data coming from your database unless magic_quotes_runtime is ON. If your data is coming out with slashes in it, or you can SEE the slashes in the actual data in the database, then you are calling addslashes() twice on your data somehow. I also kind of question why you have mysql_result in there. It's faster to use the mysql_fetch_* functions... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] StripSlashes Problem
John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] StripSlashes Problem
If magic_quotes_gpc is ON, then the data is getting addslashes() automatically on a form submission. If you are doing it again, that's where the problem is. ---John Holmes... - Original Message - From: Mark Colvin [EMAIL PROTECTED] To: '1LT John W. Holmes' [EMAIL PROTECTED] Cc: Php (E-mail) [EMAIL PROTECTED] Sent: Friday, August 02, 2002 6:37 AM Subject: RE: [PHP] StripSlashes Problem John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] StripSlashes Problem
I would suggest you rather do the following ( over and above the htmlentities as already suggested ) In stead of doing echo html with single='quotes'; to rather echo 'html with double=quotes'; The reason is; there is a difference between echo 'stuff' ; and echo stuff; The first (single quotes) is treated as literal content, ie, PHP justs echo's, does no parsing, while the double-quotes means PHP will look at the content between the quotes and parse any variables etc. So, if you are not echoing anything that needs to be parsed, use single quotes. eg. ?php $var = 'testing'; echo '$varbr'; echo $varbr; ? produses: $var testing It just saves on overhead, and in your case, you would not have run into this problem... Mark Colvin wrote: John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] StripSlashes Problem
John, Thank you. This solves the problem. Petre, Thank you for your reply. I wasn't aware of the difference and will bear this in mind. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
