Wells-it.com - Web Hosting

quote problems in PHP


They have: 2,397 posts

Joined: Nov 1998

hi all, i've been having a problem with quotes and hyphens with my php for a while.

while i now understand the basics and can submit and extract text with these from a database, my particular question is more complicated, so i decided to strip down my code and post it to explain why it's a problem, and hopefully someone can help

essentially user posts something via form, this is then previewed and then added to db. it's not submitted directly. so my code works fine when no quotes are used. but put one in and you have a problem.

i've tried stripslashes and many other functions but none work for this. i've tried different ways of doing it with no luck. i really need help :(

<?php

@$form_element = addslashes($_POST['element']);

// prepare the form

$form1 = "<form action='preview.php?stage=preview' method='post'>
                <table width='100%' border='1' cellspacing='0' cellpadding='5'>
                  <tr>
                    <td>Your Comment:</td>
                    <td><input name='element' type='text' value='$form_element'></td>
                    <td><input type='submit' value='Submit Entry' class='button'></td>
                  </tr>
                </table>
              </form>";

// display form if first time on page

if ($_GET['stage'] == "start")
{
    echo $form1;
}

// display preview on submit

if (@$_GET['stage'] == "preview")
{
    echo "Preview Form:<br><br>";
    echo " <table width='100%' border='1' cellspacing='0' cellpadding='5'>
              <tr>
                <td>$form_element</td>
              </tr>
            </table>";

    echo "<form action='preview.php?stage=end' method='post'>
          <input type='hidden' name='element' value='$form_element'>
          <input type='submit' value='Add Entry'>
          </form>";
}

// display confirmation page and submit to database

if ($_GET['stage'] == "end")
{
    $query = "insert into element (element) values ('$form_element')";
    $result = mysql_query($query) or die ("Couldn't execute query.");
    echo "Your text has been inserted into the database. <a href='preview.php?stage=show'>View</a>";
}

if ($_GET['stage'] == "show")
{
    $query = "select element from element";
    $result = mysql_query($query) or die ("Couldn't execute query.");
    $row = mysql_fetch_array($result);
    $element = stripslashes($row['element']);
    echo $element;
}

?>


JP

JP Stones
Perforated Edge - Tearing Through Convention

A UK Based Creative Communications Agency

aboyd's picture

They have: 33 posts

Joined: Nov 2004

I hate to point you at a competing forum, but look at the second post here:

http://www.sitepoint.com/forums/showthread.php?t=257556

It has a perfect summary of the code used for each step. In particular, I think you want addslashes, not stripslashes. But review the example at Sitepoint.

-Tony

Publisher Database - tools & forums for writers
Wii Underdogs - Nintendo news, polls, and discussion.
free phpBB mods

Busy's picture
Modrater

He has: 6,157 posts

Joined: May 2001

addslashes into the database
stripslashes from info out of database

You can reverse the quotes in the form variable: $form1 = '
I prefer this method so it can still be validated

<?bhb if(broken){ echo("It wasn't me Smiling "); } ?>
Learn HTML the ez way - EzHTML.net

Some people are like slinkies, they dont really serve any purpose but they still bring a smile to your face when you push them down the stairs ...

They have: 2,397 posts

Joined: Nov 1998

ok more fiddling and I have it working for double quotes but still not for single quotes

it's passing the variable through the preview phase that is the problem.

try running the script with a single quote in it and it displays it fine in preview but cuts it on the hidden field so that it does not go through to the final stage.... ahhhhh

it would be great if someone could take a look for me

<?php
// display form if first time on page

if ($_GET['stage'] == "start")
{
    echo "Collect Data:<br>";
    echo "<form action='preview.php?stage=preview' method='post'>
             <input name='form_field' type='text'>
             <input type='submit' value='Preview Entry' class='button'>
            </form>";
}

// display preview on submit

if (@$_GET['stage'] == "preview")
{
    $input_data = $_REQUEST['form_field'];
    if(get_magic_quotes_gpc())
    {
        $input_data = stripslashes($input_data);
    }

    echo "Preview Data:<br><br>";
    echo $input_data;

    echo "<br><form action='preview.php?stage=end' method='post'>
          <input type='text' name='form_field' value='$input_data'>
          <input type='submit' value='Add Entry'>
          </form>";
}

// display confirmation page and submit to database

if ($_GET['stage'] == "end")
{
    $input_data = $_REQUEST['form_field'];
    $input_data = addslashes($input_data);
    $query = "insert into element (element) values ('$input_data')";
    $result = mysql_query($query) or die ("Couldn't execute query.");
    echo "Your text has been inserted into the database. <a href='preview.php?stage=show'>View</a>";

}

if ($_GET['stage'] == "show")
{
    $query = "select element from element";
    $result = mysql_query($query) or die ("Couldn't execute query.");
    $row = mysql_fetch_array($result);
    $element = stripslashes($row['element']);
    echo $element;
}
?>

JP

JP Stones

Busy's picture
Modrater

He has: 6,157 posts

Joined: May 2001

you could use htmlspecialchars($var, ENT_QUOTES) or if you want more characters converted use htmlentities($var, ENT_QUOTES)

this is instead of addslashes and you won't need to use stripslashes as it converts the quotes - " = &quot; ' = &#039; etc


They have: 2,397 posts

Joined: Nov 1998

i can't see where i would put these to make it work Busy?

J

Busy's picture
Modrater

He has: 6,157 posts

Joined: May 2001

sorry,

replace addslashes($input_data) with htmlspecialchars($input_data, ENT_QUOTES) or htmlentities($input_data, ENT_QUOTES)


They have: 2,397 posts

Joined: Nov 1998

thanks, was just gonna write that i'd figured out your last post. it's the ENT_QUOTES i had not been using as i did not understand it

grrr

all sorted now at last - thanks

JP Stones
Perforated Edge - Tearing Through Convention

A UK Based Creative Communications Agency
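
An added example (not code from any poster in this thread) showing why the hidden field in the preview stage cuts the value at a single quote, and how escaping for each context separately resolves it. It assumes PHP with the DOM and PDO SQLite extensions; an in-memory SQLite table stands in for the thread's MySQL `element` table, the helper names are hypothetical, and the sample input is constructed.

```php
<?php
// Added example, not the posters' code. The sample input is constructed.
$input = "It's a \"quoted\" <b>comment</b>";

// Build the hidden field the same way the thread's scripts do: the value is
// dropped into a single-quoted HTML attribute.
function hidden_field(string $value): string {
    return "<input type='hidden' name='form_field' value='$value'>";
}

// Parse the markup as a browser would and return the value it would submit.
function submitted_value(string $html): string {
    libxml_use_internal_errors(true);   // the malformed variant raises warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// addslashes() is SQL-style escaping: HTML gives the backslash no meaning,
// so the quote still closes the attribute and the rest of the text is lost.
$broken = hidden_field(addslashes($input));

// htmlspecialchars() with ENT_QUOTES encodes both quote types for HTML,
// and the browser decodes them back when the form is submitted.
$fixed = hidden_field(htmlspecialchars($input, ENT_QUOTES, 'UTF-8'));

echo "addslashes:       ", var_export(submitted_value($broken), true), "\n";
echo "htmlspecialchars: ", var_export(submitted_value($fixed), true), "\n";

// Storage is a different context: bind the raw value as a parameter, so no
// addslashes() on the way in and no stripslashes() on the way out.
// (SQLite in memory is an assumption made here so the example runs offline.)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE element (element TEXT)');
$stmt = $db->prepare('INSERT INTO element (element) VALUES (?)');
$stmt->execute([submitted_value($fixed)]);

// Encode again at output time, for the context the value is printed into.
$stored = $db->query('SELECT element FROM element')->fetchColumn();
echo "stored raw:       ", var_export($stored, true), "\n";
echo "safe HTML output: ", htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

The stored row holds the user's text unchanged; HTML encoding happens only where the value is written into a page, and SQL quoting is left to the bound parameter.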