Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Mon Feb 08, 2010 11:30 am
by devarishi
Hi,

On the HTML Form there is an Input Field as given below:

Remarks / Note: <input type=text name="rmk" size=50 title="Example: Do not insert any media tape in Slot No. 0" />

The Action page calls a PHP page wherein I am receiving the value as given below:

$rmks = $_POST['rmk'];
 
$rmks = htmlspecialchars($rmks);
 
echo "Remarks / Note: <input type=text size=45 name=note value='" . $rmks ."'>";

The Problem Area: The above code fragments work just fine, with only one exception that is creating a problem, namely: if we type an ' (apostrophe / single quote) mark, as in don't insert, then the code line:

echo "Remarks / Note: <input type=text size=45 name=note value='" . $rmks ."'>";

would display only don and would leave out everything that follows the single quote sign, including the sign itself.

To resolve this problem I tried this before assigning the variable's value to the value of the note input field:

$rmks = htmlspecialchars($rmks);

But it doesn't make things any better. :banghead:

What could be the reason? How to resolve it?

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Mon Feb 08, 2010 11:36 am
by JNettles

$rmks = addslashes($_POST['rmk']);
Try that. What's happening is that when you put in an apostrophe PHP thinks that you're ending the string. You've just tripped over what makes SQL injection attacks possible. :D

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Mon Feb 08, 2010 2:38 pm
by devarishi
That produces this result:

Don\
I supplied Don't Instert...

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Mon Feb 08, 2010 2:53 pm
by AbraCadaver

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Thu Feb 11, 2010 3:00 pm
by devarishi
Sincerely speaking, that method also didn't work. :banghead:

Re: Parsing Special Characters and Symbols from HTML Form to PHP

Posted: Thu Feb 11, 2010 4:22 pm
by AbraCadaver
devarishi wrote: Sincerely speaking, that method also didn't work. :banghead:
Sure it does, you must not be doing it properly.
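
What the thread's apostrophe problem looks like once an HTML parser reads the markup, as an added example that is not code from any poster: htmlspecialchars() with ENT_COMPAT (the default before PHP 8.1) leaves ' untouched, so it closes the single-quoted value attribute early, while ENT_QUOTES encodes it as &#039;. The helper names render_note() and parsed_value() are hypothetical, the input string is constructed, and the DOM extension is assumed to be installed.

```php
<?php
// Added example, not code from the thread. render_note() and parsed_value()
// are hypothetical helper names; the input string below is constructed.

// Build the same <input> the question echoes, with the escaping flags explicit
// so the result does not depend on the PHP version's default.
function render_note(string $raw, int $flags): string
{
    $safe = htmlspecialchars($raw, $flags, 'UTF-8');
    return "<input type=text size=45 name=note value='" . $safe . "'>";
}

// Parse the markup as an HTML parser would and report what landed in value=
// and which attribute names the element ended up with.
function parsed_value(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the ENT_COMPAT variant is malformed HTML
    $doc->loadHTML($html);
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return ['value' => $input->getAttribute('value'), 'attributes' => $names];
}

$raw = "don't insert";   // constructed input containing a single quote

// ENT_COMPAT encodes & < > and " only; ENT_QUOTES also encodes '.
foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES] as $label => $flags) {
    $html = render_note($raw, $flags);
    $seen = parsed_value($html);

    echo $label, "\n";
    echo "  markup:     ", $html, "\n";
    echo "  value seen: ", $seen['value'], "\n";
    echo "  attributes: ", implode(', ', $seen['attributes']), "\n\n";
}
```

Wrapping the attribute in double quotes (value="...") also closes the gap under ENT_COMPAT, because that flag set does encode the double quote.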