apostrophe madness – PHP

  php

Q(Question):

Hello everyone.

I am TOTALLY baffled. PLEASE, I need some help here.

In the event that one must deal with a name including an apostrophe…I am
looking for an appropriate solution.

The flow of data is that the name is entered in via a form text box, stored
in a MySQL table and then read back into another form or echoed out as
needed.

The problem that I am trying to overcome is what happens when an apostrophe
is used in a name, i.e. D’linda.

When I pull the information from the table and try to insert into a text box
on a form, I only get D. No ‘linda.

I have tried escaping it, i.e. D\’linda and tried all the variations of ‘,"
and ‘".???."’ that I can think of. The challenge is placing the name in
this text box:
<input type=text name=addr size=30 maxlength=30 value=’".$row[addr]."’>
In the above code, D’linda is stored in $row[addr].

ALL input is most certainly appreciated!
– Steven

A(Answer):

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Whilst lounging around on Sun, 29 Jun 2003 16:57:52 -0700, "S.
Rhodes" <st***********@consultant.com> amazingly managed to produce
the following with their Etch-A-Sketch:

Hello everyone.

I am TOTALLY baffled. PLEASE, I need some help here.

In the event that one must deal with a name including an
apostrophe…I am looking for an appropriate solution.

The flow of data is that the name is entered in via a form text
box, stored in a MySQL table and then read back into another form
or echoed out as needed.

The problem that I am trying to overcome is what happens when an
apostrophe is used in a name, i.e. D’linda.

When I pull the information from the table and try to insert into a
text box on a form, I only get D. No ‘linda.

I have tried escaping it, i.e. D\’linda and tried all the
variations of ‘," and ‘".???."’ that I can think of. The challenge
is placing the name in this text box:
<input type=text name=addr size=30 maxlength=30
value=’".$row[addr]."’> In the above code, D’linda is stored in
$row[addr].

ALL input is most certainly appreciated!
– Steven

$string = stripslashes($string);

HTH.

Regards,

Ian

—–BEGIN PGP SIGNATURE—–
Version: PGP 8.0

iQA/AwUBPv+G5Wfqtj251CDhEQKKRwCeOfClskuNwBvWcmzGCdpIF1 gohAwAoKS5
2TflUjWihln7fTSm8dQHVr85
=9oC8
—–END PGP SIGNATURE—–


Ian.H [Design & Development]
digiServ Network – Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

A(Answer):

Message-ID: <vf************@corp.supernews.com> from S. Rhodes contained
the following:

I have tried escaping it, i.e. D\’linda and tried all the variations of ‘,"
and ‘".???."’ that I can think of. The challenge is placing the name in
this text box:
<input type=text name=addr size=30 maxlength=30 value=’".$row[addr]."’>
In the above code, D’linda is stored in $row[addr].

ALL input is most certainly appreciated!

Have you got magic quotes turned on? I don’t get this problem with my test
database and it’s pretty bog standard tutorial stuff.
http://www.ckdog.co.uk/php/sqltest8.php


Geoff Berrow
It’s only Usenet, no one dies.
My opinions, not the committee’s, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

A(Answer):

S. Rhodes wrote:

<input type=text name=addr size=30 maxlength=30 value=’".$row[addr]."’>
In the above code, D’linda is stored in $row[addr].

Use <input type=text name=addr size=30 maxlength=30
value=\"".htmlspecialchars($row[addr])."\">


James Sleeman
Gogo:Code http://www.gogo.co.nz/
Email domain : gogo.co.nz see user in from header!

A(Answer):

On Mon, 30 Jun 2003 18:20:18 +1200, James Sleeman
<ja***@seeMessageForDomain.moc> scrawled:

S. Rhodes wrote:

<input type=text name=addr size=30 maxlength=30 value=’".$row[addr]."’>
In the above code, D’linda is stored in $row[addr].

Use <input type=text name=addr size=30 maxlength=30
value=\"".htmlspecialchars($row[addr])."\">

Use PHP as it’s supposed to, and don’t just "print" everything…
then you can produce good HTML….

?>
<input type="text" name="addr" size="30" maxlength="30"
value="<?= htmlspecialchars( $row["addr"] )?>" />
<?

A(Answer):

Thank you one and all for your suggestions! I appreciate your input.

Due to Magic Quotes (runtime level) being turn off on the Server that host’s
my page, I am not able to benefit from that feature as I do not know of a
way to turn them on from a PHP script.

After reading all of the responses and trying all that was offered, I ended
up with the following:

echo "<td><input type=text name=paddr1 size=30 maxlength=30
value=\"".htmlspecialchars($row[paddr1])."\"></td></tr>";

This is doing the job, as far as populating the box appropriately.

Again, THANK YOU one and all!

– Steven

A(Answer):

Hello,

remember a few points . it is not xhtml compliant to write html code
that doesnt include "" in it.. <img cellpadding="0" /> is valid xhtml
as <img cellpadding=0 /> is not.

in php print will interp. anything between " " looking for $variables
echo does not. this is slower than using echo and concatinating.

yeah its neat to break up your <? php open and closing tags.. but
sometimes this gets annoying. so my suggestion is something like this:

echo ‘<input type="text" name="addr" size="30" maxlength="30"
value="’.$row[‘addr’].’" />’;

and please for the love of god its $row[‘addr’] not $row[addr]

i hope this was helpful 🙂

– Jonathan P Dryhurst Roberts

ne*******@black-panther.freeserve.co.uk (James) wrote in message news:<3e****************@news.freeserve.com>…

On Mon, 30 Jun 2003 18:20:18 +1200, James Sleeman
<ja***@seeMessageForDomain.moc> scrawled:

S. Rhodes wrote:

<input type=text name=addr size=30 maxlength=30 value=’".$row[addr]."’>
In the above code, D’linda is stored in $row[addr].

Use <input type=text name=addr size=30 maxlength=30
value=\"".htmlspecialchars($row[addr])."\">

Use PHP as it’s supposed to, and don’t just "print" everything…
then you can produce good HTML….

?>
<input type="text" name="addr" size="30" maxlength="30"
value="<?= htmlspecialchars( $row["addr"] )?>" />
<?

LEAVE A COMMENT