I'm collecting recipes, and I've created a form in HTML. Users click on a "preview" button to check out their response before they click on a submit button to enter it in the database.<br /><br />Everything works perfectly except when users put an apostrophe in one of the form fields. Say for example, I'm entering my famous pancake recipe. I use the recipe title: Paul's famous pancakes<br /><br />On the preview page, the output is shown as: Paul\'s famous pancakes. In order to get that variable to the next page where I do the entering of the data into the database, I pass the variable as a hidden value in a form so when it POSTs to the next page I can just use the same variable over again. But when you look at the data that is inserted into the database, it is cutting off everything after the "l" in Paul. <br /><br />I tried using the $variable = str_replace("\'","'",$variable); command, but it doesn't seem to be working for me.<br /><br />Anybody have any suggestions on what I should do? I can post my code, if necessary...<!--content-->
I don't know what the best solution was, but here is what I did.<br /><br />I noticed that on my preview page any apostrophes were coming out as being escaped, so I'd get:<br /><br />Paul\'s famous pancakes.<br /><br />So on that preview page, I added the following code to all the fields that allow text:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<!--c2--></div><!--ec2--><br /><br />This converted the \' to a normal apostrophe, so when they were previewing it, it looked right to them.<br />Then it removed all apostrophes from the text, and the data is stored in the database without apostrophes. <br /><br />This works fine for me, because I'm going to extract the data from the database and put it in a book. I'm not going to display it online.<br /><br />However, I'm not sure what the solution would be if I wanted to display the data online, because in that case, you'd want to leave the apostrophes in the text.<br /><br />I'm just not experienced enough with PHP to understand how it is escaping my characters automatically in order to correct it when you pass the variable from one page to a second page as a variable, then store it again as a variable to pass to a third page.<br /><br />I hope that made sense.<!--content-->
I'm no programmer, either, but...<br /><br />From the Phorm (<!-- w --><a class="postlink" href="http://www.phorm.com">www.phorm.com</a><!-- w -->) forums:<br /><br />$Message = stripslashes($Message); where $Message is the field name<br /><br />Seems this has something to do with 'Magic Quotes' being turned on in the PHP config on the server<br /><br />The Phorm forums have a lot of very useful info about sending form data, and the program itself is very good.<br /><br />Steve<!--content-->
Paul, take a look at <a href="http://pt.php.net/manual/en/function.addslashes.php" target="_blank">addslashes()</a> <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/wink.gif" style="vertical-align:middle" emoid="
" border="0" alt="wink.gif" /><!--content-->
$value_var = stripslashes ($value_var);<br />Use to remove slash to display data on a web page.<br /><br /><br />$value_var = addslashes ($value_var);<br />Use to add the slash back to put data to a database. The slash is used to escape the apostrophe otherwise the apostrophe signifies end of the string and you only get Paul in the database instead of Paul's<br /><br />wayne<!--content-->
mysql real escape string<br /><a href="http://us2.php.net/manual/en/function.mysql-real-escape-string.php" target="_blank">http://us2.php.net/manual/en/function.mysq...cape-string.php</a><!--content-->
<!--quoteo(post=159530:date=Dec 22 2005, 06:02 PM:name=abinidi)--><div class='quotetop'>QUOTE (abinidi @ Dec 22 2005, 06:02 PM) <a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=159530"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><div class='quotemain'><!--quotec--><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<!--c2--></div><!--ec2--><br /><br />I hope that made sense.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Paul:<br /><br />I tried your suggestion; however, I think I am putting it in the wrong spot. <!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<br />$main_type = 'contact';<br />$message = (string) '';<br />$message.= "<br />Name:Â Â " . $_POST['name'] . "<br />Email: " . $_POST['email'] . "<br />Phone: " . $_POST['AreaCode'] . "." . $_POST['Prefix'] . "." . $_POST['Numero'] . "<br />Type: " . $_POST['inquiry_type'] . "<br />Response method: " . $_POST['respond'] . "<br />Comments: " . $_POST['comments'] . "<!--c2--></div><!--ec2--> I just dumped it there thinking that was the most likely place it should go... but it is not working. Can you please say where to place it? Many thanks!! <img src="http://www.reaganator.com/comments/super.gif" border="0" class="linked-image" /><!--content-->
Take a look at <a href="http://pt.php.net/manual/en/function.addslashes.php" target="_blank">this page</a> for some samples.<!--content-->
I don't know what the best solution was, but here is what I did.<br /><br />I noticed that on my preview page any apostrophes were coming out as being escaped, so I'd get:<br /><br />Paul\'s famous pancakes.<br /><br />So on that preview page, I added the following code to all the fields that allow text:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<!--c2--></div><!--ec2--><br /><br />This converted the \' to a normal apostrophe, so when they were previewing it, it looked right to them.<br />Then it removed all apostrophes from the text, and the data is stored in the database without apostrophes. <br /><br />This works fine for me, because I'm going to extract the data from the database and put it in a book. I'm not going to display it online.<br /><br />However, I'm not sure what the solution would be if I wanted to display the data online, because in that case, you'd want to leave the apostrophes in the text.<br /><br />I'm just not experienced enough with PHP to understand how it is escaping my characters automatically in order to correct it when you pass the variable from one page to a second page as a variable, then store it again as a variable to pass to a third page.<br /><br />I hope that made sense.<!--content-->
I'm no programmer, either, but...<br /><br />From the Phorm (<!-- w --><a class="postlink" href="http://www.phorm.com">www.phorm.com</a><!-- w -->) forums:<br /><br />$Message = stripslashes($Message); where $Message is the field name<br /><br />Seems this has something to do with 'Magic Quotes' being turned on in the PHP config on the server<br /><br />The Phorm forums have a lot of very useful info about sending form data, and the program itself is very good.<br /><br />Steve<!--content-->
Paul, take a look at <a href="http://pt.php.net/manual/en/function.addslashes.php" target="_blank">addslashes()</a> <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/wink.gif" style="vertical-align:middle" emoid="
" border="0" alt="wink.gif" /><!--content-->$value_var = stripslashes ($value_var);<br />Use to remove slash to display data on a web page.<br /><br /><br />$value_var = addslashes ($value_var);<br />Use to add the slash back to put data to a database. The slash is used to escape the apostrophe otherwise the apostrophe signifies end of the string and you only get Paul in the database instead of Paul's<br /><br />wayne<!--content-->
mysql real escape string<br /><a href="http://us2.php.net/manual/en/function.mysql-real-escape-string.php" target="_blank">http://us2.php.net/manual/en/function.mysq...cape-string.php</a><!--content-->
<!--quoteo(post=159530:date=Dec 22 2005, 06:02 PM:name=abinidi)--><div class='quotetop'>QUOTE (abinidi @ Dec 22 2005, 06:02 PM) <a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=159530"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><div class='quotemain'><!--quotec--><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<!--c2--></div><!--ec2--><br /><br />I hope that made sense.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />Paul:<br /><br />I tried your suggestion; however, I think I am putting it in the wrong spot. <!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$variableName = str_replace("\'","'",$variableName);<br />echo $variableName;<br />$variableName= str_replace("'","",$variableName);<br />$main_type = 'contact';<br />$message = (string) '';<br />$message.= "<br />Name:Â Â " . $_POST['name'] . "<br />Email: " . $_POST['email'] . "<br />Phone: " . $_POST['AreaCode'] . "." . $_POST['Prefix'] . "." . $_POST['Numero'] . "<br />Type: " . $_POST['inquiry_type'] . "<br />Response method: " . $_POST['respond'] . "<br />Comments: " . $_POST['comments'] . "<!--c2--></div><!--ec2--> I just dumped it there thinking that was the most likely place it should go... but it is not working. Can you please say where to place it? Many thanks!! <img src="http://www.reaganator.com/comments/super.gif" border="0" class="linked-image" /><!--content-->
Take a look at <a href="http://pt.php.net/manual/en/function.addslashes.php" target="_blank">this page</a> for some samples.<!--content-->