Escaping ' tags from search outputs

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
stylus
Forum Newbie
Posts: 17
Joined: Fri Dec 16, 2005 9:22 am

Escaping ' tags from search outputs

Post by stylus »

Hello,

When I run this page it automatically returns all the records from my database, and the "Johnny's Selected Seeds" record becomes "selected". The option tag is broken because of the ' in the name of the company and then the "selected" becomes part of the HTML tag. This is what it looks like when I view source:

"<option value=Johnny's Selected Seeds>Johnny's Selected Seeds</option>"

What do I need to use to escape around the data output so that the html tags dont see the ' ??


Here is my code thus far:

Code: Select all

<form name="search" action="sqltest.php" method="post">
<input type="text" name="search">
<input type="submit" name="submit" value="go">
</form>


<?
$server="REMOVED BY HAWLEYJR;
$username="REMOVED BY HAWLEYJR";
$password="REMOVED BY HAWLEYJR";
$sqlconnect=mssql_connect($server, $username, $password);
$sqldb=mssql_select_db("COApgar",$sqlconnect);
$sqlquery="SELECT CustomerName FROM ARCustomers WHERE CustomerName LIKE '$_POST[search]%' ORDER BY CustomerName;";
$results= mssql_query($sqlquery);

echo "<select name='subcat'><option> </option>";
while($row = mssql_fetch_array($results)) {
echo "<option value=$row[CustomerName]>$row[CustomerName]</option>";
}
echo "</select>";
echo "<input type=submit value=Submit>";
echo "</form>";
mssql_close($sqlconnect);
?>
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

you need to put quotes around the value:

Code: Select all

<option value="Johnny's Selected Seeds">Johnny's Selected Seeds</option>

If the Value as a double quote in it you need to replace the double qoute with: "
stylus
Forum Newbie
Posts: 17
Joined: Fri Dec 16, 2005 9:22 am

Post by stylus »

Hello,

If I set it up like this:
echo '<option value="$row[CustomerName]">$row[CustomerName]</option>';

I get an error message:

Parse error: parse error, unexpected T_VARIABLE, expecting ',' or ';' in D:\Data\Inetpub\wwwroot\sqltest.php on line 18


If I set it up like this:
echo '<option value="$row[CustomerName]">$row[CustomerName]</option>';

The displayed text in the drop down list is $row[CustomerName]
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

PHP doesn't parse values in single quotes, so you would need to change:

Code: Select all

echo '<option value="$row[CustomerName]">$row[CustomerName]</option>';
to something like

Code: Select all

echo '<option value="'.$row[CustomerName].'">'.$row[CustomerName].'</option>';
Mac
stylus
Forum Newbie
Posts: 17
Joined: Fri Dec 16, 2005 9:22 am

Post by stylus »

ah ha, it is the periods before and after that I needed make it work.

Thanks
Post Reply