Trouble with quotes and double quotes

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Post by barb woolums »

I am trying to handle quotes and double quotes in user inputted data.

I am testing using the following string "It's 1""

This data is escaped using pg_escape_string and saved in a postgresql db. This works fine.

Then when I pull the data back out of the database it returns as "it's 1\"" which displays correctly.

My problem comes when I try to put the variable into a hidden input using a print statement to pass the value to another page.

Can anybody tell me how to do this?

Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Trouble with quotes and double quotes

Post by Christopher »

For putting values into HTML, use htmlentities() or htmlspecialchars().
(#10850)

requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Trouble with quotes and double quotes

Post by requinix »

It's a little confusing but it sounds like you have the magic_quotes setting enabled in your php.ini? Turn it off and restart your web server.

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

I tried this

Code:

$name=str_replace("'","''",$name);
$nameinput=htmlspecialchars("<input type=hidden name='name' value='".$name."'>");
echo $nameinput;

But ended up with the html showing up in my page

Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Trouble with quotes and double quotes

Post by Christopher »

Yep, that's exactly what that code would do. Try:

Code:

// single-quoted attribute: pass ENT_QUOTES so a ' in $name is escaped too
$nameinput="<input type=hidden name='name' value='".htmlspecialchars($name, ENT_QUOTES)."'>";
// or
$nameinput="<input type=hidden name='name' value='".urlencode($name)."'>";

(#10850)

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

Getting there - using urlencode I got an input that looks like this

Code:

<input type="hidden" value="it%27%27s+1%22" name="name">

However, when I used urldecode on the next page I get

it''s 1

I can convert the '' but have lost the double quote at the end

Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Trouble with quotes and double quotes

Post by Christopher »

Post the code you use to display it on the next page (actually the code on both pages would help). And why the double single quotes now?
(#10850)

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

Here is the code to create the hidden input on the first page

Code:

$name="it's 1\"";
$name=str_replace("'","''",$name);
$nameinput="<input type=hidden name='name' value='".htmlspecialchars($name)."'>";
echo $nameinput;

Here's the code to display on the second page

Code:

print(" value=".'"'.urldecode($_POST['name']).'"');

Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Trouble with quotes and double quotes

Post by Celauran »

Code:

$name=str_replace("'","''",$name);

Why are you replacing single quotes with doubled single quotes?

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

Yeah I don't need to do that any more. Took it out, but still get the same result.

phper2014
Forum Newbie
Posts: 8
Joined: Mon Jan 27, 2014 4:31 pm

Re: Trouble with quotes and double quotes

Post by phper2014 »

I would solve this by substituting a string value for the quotes and then replacing the quotes back in when they need to be displayed. There is no way I know of to process an escape and store it as [ \" ]; the escape \ will be lost. Depending on how you intend on using the value of " or ' you may want to return the value to dec, hex, oct or html respectively instead of the string value " or '. And I always make it a practice to insert all data into a database table as hex ( %22 ); an easy way is to use urlencode() and urldecode() to return values. This will ensure that no illegal values are passed into the database. If you need to give a variable a value of HTML code, an easy way to do this without using escaping is by writing the value in hex and decoding it into the variable:

Code:

$foo = urldecode("%3Cinput+type%3D%22hidden%22+name%3D%22name%22+value%3D%22".$bar."%22%3E");

// $foo now contains <input type="hidden" name="name" value="$bar">

// substitution will also work:

// if $foo contains <input type="hidden" name="name" value='$bar'>

$foo = str_replace('"', '#d_quote', $foo, $true);
// $foo contains <input type=#d_quotehidden#d_quote name=#d_quotename#d_quote value=#d_quote$bar#d_quote>

$foo = str_replace("'", '#s_quote', $foo, $true);
// $foo contains <input type=#d_quotehidden#d_quote name=#d_quotename#d_quote value=#s_quote$bar#s_quote>

// revert values back to string " and ' values:
$foo = str_replace('#d_quote', '"', $foo, $true);
$foo = str_replace('#s_quote', "'", $foo, $true);

// $foo now contains <input type="hidden" name="name" value='$bar'>

I hope this gives you some ideas and helps.

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

Ok I am using the substitution method - now the value posted to the second page is "its_quotes 1d_quote"

Now I can't figure out how to display it in an input on this page

phper2014
Forum Newbie
Posts: 8
Joined: Mon Jan 27, 2014 4:31 pm

Re: Trouble with quotes and double quotes

Post by phper2014 »

Please post your PHP code and explain the required result you want it to produce and I will help you figure it out.

Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Trouble with quotes and double quotes

Post by Christopher »

Try this. See what is displayed and view source to see the actual value.

test.php

Code:

<form action="test.php" method="post">
<?php
if (isset($_POST['name'])) {
	// escape on output as well; the browser renders the same text
	echo "name=".htmlspecialchars($_POST['name'], ENT_QUOTES).".<br>";
} else {
	$name="it's 1\"";
	$nameinput='<input type="hidden" name="name" value="'.htmlspecialchars($name).'">';
	echo $nameinput;
}
?>
<input type="submit" name="go" value="Submit">
</form>

(#10850)
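
Added example, not code from any poster in this thread: the thread's test value `it's 1"` rendered into a hidden input four ways and read back with PHP's DOMDocument HTML parser, which stands in for the browser. The helper names `parsed_value()` and `hidden_input()` are hypothetical, and the script assumes the DOM extension is loaded.

```php
<?php
// Constructed test value, the same string used in the thread.
$name = "it's 1\"";

// Return the value attribute that an HTML parser sees on the first <input>.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Hypothetical helper: escape for the HTML attribute context and nothing else.
function hidden_input(string $field, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="hidden" name="' . htmlspecialchars($field, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

$renderings = [
    // No escaping: the first " inside the value closes the attribute.
    'raw, double-quoted'        => '<input type="hidden" name="name" value="' . $name . '">',
    // ENT_COMPAT (the default before PHP 8.1) leaves ' alone, which closes a '...' attribute.
    'ENT_COMPAT, single-quoted' => "<input type=hidden name='name' value='"
                                   . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>",
    // ENT_QUOTES escapes both quote characters, so either delimiter is safe.
    'ENT_QUOTES, single-quoted' => "<input type=hidden name='name' value='"
                                   . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "'>",
    'hidden_input() helper'     => hidden_input('name', $name),
];

// Report, per rendering, whether the parsed value still equals the original string.
foreach ($renderings as $label => $html) {
    $seen = parsed_value($html);
    printf("%-26s %-8s parsed=%s\n", $label,
           $seen === $name ? 'intact' : 'CHANGED', var_export($seen, true));
}
```

The browser decodes the entities before submitting the form, so the receiving page reads `$_POST['name']` directly with no urldecode() or substitution step, and escapes it again only at the point where it is written into HTML.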

barb woolums
Forum Contributor
Posts: 134
Joined: Sun Feb 08, 2009 9:52 pm

Re: Trouble with quotes and double quotes

Post by barb woolums »

Yay working now - thanks everyone!!!