Hi all,
I wonder if someone can help. I am designing a web site that is going to be used as a fault log but need some help with posting.
First off, in the php.ini file on the IIS server I have set:-
magic_quotes_gpc = off
magic_quotes_runtime = off
magic_quotes_sybase = off
I am using a standard web form with $HTTP_POST_VARS to catch the data from the posts.
In a textarea with $HTTP_POST_VARS to get the contents of the textarea - If I input:-
"HELLO WORLD" This is a 'test
When I debug, the following appears in the variable where I used the $HTTP_POST_VARS to get data:-
"HELLO WORLD" This is a
As you can see, text after the single quotes has been stripped!
Has anybody experienced this and know how to solve it, or know what I am doing wrong?
Web Form - Text disappears after single quote on posting
Moderator: General Moderators
Sorry, I think I know why but not sure how to solve it.
I am verifying the data by displaying on screen and asking user to say yes or no to changes.
If yes, the data is then posted in this way:-
<input type='hidden' value='$details' name='details'>
Obviously the single quotes are going to be an issue here and cause the problem above.
Eg:-
if I enter into a textarea,
hello'test'
then the above line will read in HTML:-
<input type='hidden' value='hello'test'' name='details'>
So, the value of details will be hello and the test'' will be dropped!
Does anyone know how to solve this?
I am verifying the data by displaying on screen and asking user to say yes or no to changes.
If yes, the data is then posted in this way:-
<input type='hidden' value='$details' name='details'>
Obviously the single quotes are going to be an issue here and cause the problem above.
Eg:-
if I enter into a textarea,
hello'test'
then the above line will read in HTML:-
<input type='hidden' value='hello'test'' name='details'>
So, the value of details will be hello and the test'' will be dropped!
Does anyone know how to solve this?
- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
- Contact:
quite simple really 
on a side note you should use the double quotes in the html like that because htlm is supposed to have double quotes and it makes it easier to edit (notice the syntax highlighting, looks pretty huh?)
edit: the value may have a \ in it when you submit it, use stripslashes() to get rid of it but I am not sure if this will be needed and I don't have the time to test.
Code: Select all
$output = '<input type="hidden" value="'.addslashes($details).'" name="details">';edit: the value may have a \ in it when you submit it, use stripslashes() to get rid of it but I am not sure if this will be needed and I don't have the time to test.
Hi, thanks for your help.
I understand what you mean but I have the same problem in a different way:-
$output = '<input type="hidden" value="'.$siteid.'" name="siteid">
<input type="hidden" value="'.$faultid.'" name="faultid">
<input type="hidden" value="'.$raised_by.'" name="raised_by">
<input type="hidden" value="'.addslashes($details).'" name="details">
<input type="hidden" value="'.addslashes($internal_notes).'" name="internal_notes">
<input type="hidden" value="'.addslashes($internet_notes).'" name="internet_notes">
<input type="hidden" value="'.$classification.'" name="classification">
<input type="hidden" value="'.$raised_datetime.'" name="raised_datetime">
<input type="hidden" value="'.$priority.'" name="priority">
<input type="hidden" value="'.$internet_publish.'" name="internet_publish">
<input type="hidden" value="'.$raised_timestamp.'" name="raised_timestamp">
<input type="hidden" value="'.$store_info.'" name="store_info">';
echo $output."</table>
If I type into the details textarea:-
Test for Station "test"
This is the HTML output for the details input only is:-
<input type="hidden" value="Test for Station \"test\"" name="details">
So, now the value I get for details is:-
Test for Station \
Am I still doing something wrong?
I understand what you mean but I have the same problem in a different way:-
$output = '<input type="hidden" value="'.$siteid.'" name="siteid">
<input type="hidden" value="'.$faultid.'" name="faultid">
<input type="hidden" value="'.$raised_by.'" name="raised_by">
<input type="hidden" value="'.addslashes($details).'" name="details">
<input type="hidden" value="'.addslashes($internal_notes).'" name="internal_notes">
<input type="hidden" value="'.addslashes($internet_notes).'" name="internet_notes">
<input type="hidden" value="'.$classification.'" name="classification">
<input type="hidden" value="'.$raised_datetime.'" name="raised_datetime">
<input type="hidden" value="'.$priority.'" name="priority">
<input type="hidden" value="'.$internet_publish.'" name="internet_publish">
<input type="hidden" value="'.$raised_timestamp.'" name="raised_timestamp">
<input type="hidden" value="'.$store_info.'" name="store_info">';
echo $output."</table>
If I type into the details textarea:-
Test for Station "test"
This is the HTML output for the details input only is:-
<input type="hidden" value="Test for Station \"test\"" name="details">
So, now the value I get for details is:-
Test for Station \
Am I still doing something wrong?
- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
- Contact:
thats really stange to me, maybe im missing somthing obvious? another option that I use often is to just instead of doing addslashes() do htmlentities() and this will turn a " into " or somthing simmilar and will appear on the screen as a " but it won't interfer with your html forms.
let us know if that workes
let us know if that workes