https://www.webmaster-forums.net/crss/node/1029034 en https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170512 <p>thanks, was just gonna write that i'd figured out your last post. is the ENT-Quotes i had not been using as did not undertsand it</p> <p>grrr</p> <p>all sorted now at last - thanks</p> Mon, 02 May 2005 22:49:49 +0000 JP Stones comment 1170512 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170511 <p>sorry,</p> <p>replace addslashes($input_data) with htmlspecialchars($input_data, ENT_QUOTES) or htmlentities($input_data, ENT_QUOTES)</p> Mon, 02 May 2005 22:43:18 +0000 Busy comment 1170511 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170508 <p>i cant see where i would put these to make it work Busy?</p> <p>J</p> Mon, 02 May 2005 22:20:48 +0000 JP Stones comment 1170508 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170451 <p>you could use htmlspecialchars($var, ENT_QUOTES) or if you want more characters transverted use htmlentities($var, ENT_QUOTES)</p> <p>this is instead of addslashes and you wont need to use stripslashes as it converts the quotes - " = &amp;quot ; ' = &amp;#039 ; etc</p> Sun, 01 May 2005 22:46:33 +0000 Busy comment 1170451 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170441 <p>ok more fiddling and I have it working for double quotes but still not for single quotes</p> <p>its passing the variable through the previw phase that is the problem. </p> <p>try running the script with a single quot ein it and it displays it fine in preview but cuts it on the hidden field so that it does not go through to the final stage.... ahhhhh</p> <p>it would be great of someone could take a look for me</p> <p><div class="codeblock"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">// display form if first time on page<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'stage'</span><span style="color: #007700">] == \</span><span style="color: #DD0000">"start\")<br />{<br />&nbsp;&nbsp;&nbsp; echo \"Collect Data:&lt;br&gt;\";<br />&nbsp;&nbsp;&nbsp; echo \"&lt;form action='preview.php?stage=preview' method='post'&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;input name='form_field' type='text'&gt;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;input type='submit' value='Preview Entry' class='button'&gt;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/form&gt;\";&nbsp;&nbsp;&nbsp; <br />}<br /><br />// display preview on submit<br /><br />if (@</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'stage'] == \"preview\")<br />{<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000"> = </span><span style="color: #0000BB">$_REQUEST</span><span style="color: #007700">[</span><span style="color: #DD0000">'form_field'];<br />&nbsp;&nbsp;&nbsp; if(get_magic_quotes_gpc()) <br />&nbsp;&nbsp;&nbsp; {<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000"> = stripslashes(</span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000">);<br />&nbsp;&nbsp;&nbsp; }<br /><br />&nbsp;&nbsp;&nbsp; echo \"Preview Data:&lt;br&gt;&lt;br&gt;\";<br />&nbsp;&nbsp;&nbsp; echo </span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000">; <br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br />&nbsp;&nbsp;&nbsp; echo \"&lt;br&gt;&lt;form action='preview.php?stage=end' method='post'&gt;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;input type='text' name='form_field' value='</span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000">'&gt;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;input type='submit' value='Add Entry'&gt;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/form&gt;\";<br />}<br /><br />// display confirmation page and submit to database<br />&nbsp;&nbsp;&nbsp; <br />if (</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'stage'] == \"end\")<br />{<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000"> = </span><span style="color: #0000BB">$_REQUEST</span><span style="color: #007700">[</span><span style="color: #DD0000">'form_field']; <br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000"> = addslashes(</span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000">);<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$query</span><span style="color: #DD0000"> = \"insert into element (element) values ('</span><span style="color: #0000BB">$input_data</span><span style="color: #DD0000">')\";<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$result</span><span style="color: #DD0000"> = mysql_query(</span><span style="color: #0000BB">$query</span><span style="color: #DD0000">) or die (\"Couldn't execute query.\");<br />&nbsp;&nbsp;&nbsp; echo \"Your text has been inserted into the database. &lt;a href='preview.php?stage=show'&gt;View&lt;/a&gt;\"; <br /><br />}<br /><br />if (</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'stage'] == \"show\")<br />{<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$query</span><span style="color: #DD0000"> = \"select element from element\";<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$result</span><span style="color: #DD0000"> = mysql_query(</span><span style="color: #0000BB">$query</span><span style="color: #DD0000">) or die (\"Couldn't execute query.\");<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$row</span><span style="color: #DD0000"> = mysql_fetch_array(</span><span style="color: #0000BB">$result</span><span style="color: #DD0000">);<br />&nbsp;&nbsp;&nbsp; </span><span style="color: #0000BB">$element</span><span style="color: #DD0000"> = stripslashes(</span><span style="color: #0000BB">$row</span><span style="color: #007700">[</span><span style="color: #DD0000">'element']);<br />&nbsp;&nbsp;&nbsp; echo </span><span style="color: #0000BB">$element</span><span style="color: #DD0000">;<br />}<br />?&gt;</span></span></code></div></p> <p>JP</p> Sun, 01 May 2005 17:47:09 +0000 JP Stones comment 1170441 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170179 <p>addslashes into the database<br /> stripslashes from info out of database</p> <p>You can reverse the quotes in the form variable: $form1 = '<br /> I perfer this method so it can still be validated</p> Tue, 26 Apr 2005 21:46:11 +0000 Busy comment 1170179 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/quote-problems-php#comment-1170172 <p>I hate to point you at a competing forum, but look at the second post here:</p> <p><a href="http://www.sitepoint.com/forums/showthread.php?t=257556" class="bb-url">http://www.sitepoint.com/forums/showthread.php?t=257556</a></p> <p>It has a perfect summary of the code used for each step. In particular, I think you want addslashes, not stripslashes. But review the example at Sitepoint.</p> <p>-Tony</p> Tue, 26 Apr 2005 18:55:33 +0000 aboyd comment 1170172 at https://www.webmaster-forums.net