Page 1 of 1

Escaping Double Quotes

Posted: Fri Aug 21, 2009 6:09 pm
by tfloyd
Hello,

I'm having problems escaping double quotes. Here's what I'm doing:

I'm developing a directory that will allow users to write reviews. So, I collect the review in a textarea box, and then process the data with the following:

function check_input($data, $problem='')
{
$data = trim($data);
$data = addslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
die($problem);
}
return $data;
}

So, the addslashes() should escape any double quotes, right? It works on single quotes. But every time I submit a review that contains double quotes, they get put in the database as " And that's how they print when I display it.

I'm certain there is a simple solution, but I'm at my wit's end! I will appreciate any tips.

Thanks,

Tom

Re: Escaping Double Quotes

Posted: Fri Aug 21, 2009 7:04 pm
by califdon
You are instructing it to do that. Read http://www.w3schools.com/PHP/func_strin ... lchars.asp.

Re: Escaping Double Quotes

Posted: Sat Aug 22, 2009 7:40 am
by tfloyd
Thank you!

Re: Escaping Double Quotes

Posted: Sat Aug 22, 2009 9:32 am
by Eran
Don't use an encoding function to insert data to the database. Use the database escaping functions, such as mysql_real_escape_string()