Parsing Special Characters and Symbols from HTML Form to PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
devarishi
Forum Contributor
Posts: 101
Joined: Fri Feb 05, 2010 7:15 pm

Parsing Special Characters and Symbols from HTML Form to PHP

Post by devarishi »

Hi,

On the HTML Form there is an Input Field as given below:

Code: Select all

 
Remarks / Note: <input type=text name="rmk" size=50 title="Example: Do not insert any media tape in Slot No. 0" />
the Action page calls a PHP page where in I am receiving the value as given below:

Code: Select all

$rmks = $_POST['rmk'];
 
$rmks = htmlspecialchars($rmks);
 
echo "Remarsk / Note: <input type=text size=45 name=note value='" . $rmks ."'>";
The Problem Area: The above code-framents work just fine only with some exception that is creating problem, namely: If we type an ' (appostrphe / single quote) mark as in don't insert then the the code line:

Code: Select all

echo "Remarsk / Note: <input type=text size=45 name=note value='" . $rmks ."'>";
would display only don and would leave out everything that follows the single quote sign including the sign itself.

To resolve this problem I tried this before assigning the variable's value to the value of the note input field:

Code: Select all

$rmks = htmlspecialchars($rmks);

But it doesn't make things any better. :banghead:

What could be the reason? How to resolve it?
User avatar
JNettles
Forum Contributor
Posts: 228
Joined: Mon Oct 05, 2009 4:09 pm

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Post by JNettles »

Code: Select all

$rmks = addslashes($_POST['rmk']);
Try that. What's happening is that when you put in an apostrophe PHP thinks that you're ending the string. You've just tripped over what makes SQL injection attacks possible. :D
devarishi
Forum Contributor
Posts: 101
Joined: Fri Feb 05, 2010 7:15 pm

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Post by devarishi »

That produces this result:

Code: Select all

 
Don\
I supplied Don't Instert...
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Post by AbraCadaver »

mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
devarishi
Forum Contributor
Posts: 101
Joined: Fri Feb 05, 2010 7:15 pm

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Post by devarishi »

Sincerely speaking, that method also didn't work. :banghead:
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Post by AbraCadaver »

devarishi wrote:Sincerely speaking, that method also didn't work. :banghead:
Sure it does, you must not be doing it properly.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Post Reply