Web Form - Text disappears after single quote on posting

Posted: Tue Mar 07, 2006 4:34 am
by johnali3n
Hi all,

I wonder if someone can help. I am designing a web site that is going to be used as a fault log but need some help with posting.

First off, in the php.ini file on the IIS server I have set:-

magic_quotes_gpc = off
magic_quotes_runtime = off
magic_quotes_sybase = off

I am using a standard web form with $HTTP_POST_VARS to catch the data from the posts.


In a textarea with $HTTP_POST_VARS to get the contents of the textarea - If I input:-

"HELLO WORLD" This is a 'test

When I debug, the following appears in the variable where I used the $HTTP_POST_VARS to get data:-

"HELLO WORLD" This is a

As you can see, text after the single quotes has been stripped!


Has anybody experienced this and know how to solve it, or know what I am doing wrong?

Posted: Tue Mar 07, 2006 4:42 am
by johnali3n
Sorry, I think I know why but not sure how to solve it.

I am verifying the data by displaying on screen and asking user to say yes or no to changes.

If yes, the data is then posted in this way:-

<input type='hidden' value='$details' name='details'>

Obviously the single quotes are going to be an issue here and cause the problem above.

Eg:-

if I enter into a textarea,

hello'test'

then the above line will read in HTML:-

<input type='hidden' value='hello'test'' name='details'>

So, the value of details will be hello and the test'' will be dropped!

Does anyone know how to solve this?

Posted: Tue Mar 07, 2006 6:34 am
by shiznatix
quite simple really :)

$output = '<input type="hidden" value="'.addslashes($details).'" name="details">';
on a side note you should use the double quotes in the html like that because html is supposed to have double quotes and it makes it easier to edit (notice the syntax highlighting, looks pretty huh?)

edit: the value may have a \ in it when you submit it, use stripslashes() to get rid of it but I am not sure if this will be needed and I don't have the time to test.

Posted: Tue Mar 07, 2006 7:45 am
by johnali3n
Hi, thanks for your help.

I understand what you mean but I have the same problem in a different way:-

$output = '<input type="hidden" value="'.$siteid.'" name="siteid">
<input type="hidden" value="'.$faultid.'" name="faultid">
<input type="hidden" value="'.$raised_by.'" name="raised_by">
<input type="hidden" value="'.addslashes($details).'" name="details">
<input type="hidden" value="'.addslashes($internal_notes).'" name="internal_notes">
<input type="hidden" value="'.addslashes($internet_notes).'" name="internet_notes">
<input type="hidden" value="'.$classification.'" name="classification">
<input type="hidden" value="'.$raised_datetime.'" name="raised_datetime">
<input type="hidden" value="'.$priority.'" name="priority">
<input type="hidden" value="'.$internet_publish.'" name="internet_publish">
<input type="hidden" value="'.$raised_timestamp.'" name="raised_timestamp">
<input type="hidden" value="'.$store_info.'" name="store_info">';
echo $output."</table>";


If I type into the details textarea:-

Test for Station "test"


The HTML output for the details input only is:-

<input type="hidden" value="Test for Station \"test\"" name="details">

So, now the value I get for details is:-

Test for Station \


Am I still doing something wrong?

Posted: Tue Mar 07, 2006 7:57 am
by shiznatix
that's really strange to me, maybe I'm missing something obvious? another option that I use often is to just instead of doing addslashes() do htmlentities() and this will turn a " into &quot or something similar and will appear on the screen as a " but it won't interfere with your html forms.

let us know if that works

Posted: Tue Mar 07, 2006 8:30 am
by johnali3n
This seemed to do the trick:-

$details = htmlspecialchars($HTTP_POST_VARS['details']);

then amended the query so it doesn't have an addslashes function.

Thanks for your help and hope this is of use to others!
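
Added example, not part of the original thread: it runs the three inputs quoted in the posts above through both approaches and shows why addslashes() loses or alters the hidden field's value while htmlspecialchars() preserves it. The helper names (parsed_value, hidden_addslashes, hidden_encoded) are hypothetical, and parsed_value is a simplified stand-in for how a browser reads a double-quoted attribute.

```php
<?php
// Constructed inputs, copied from the posts in this thread.
$samples = [
    '"HELLO WORLD" This is a \'test',
    "hello'test'",
    'Test for Station "test"',
];

// Simplified model of an HTML parser reading a double-quoted attribute:
// the value ends at the first literal ", a backslash has no special meaning,
// and character references such as &quot; are decoded afterwards.
function parsed_value(string $html): string
{
    preg_match('/\bvalue="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Broken: addslashes() is an SQL-style escape and means nothing to HTML,
// so an escaped \" still closes the attribute.
function hidden_addslashes(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . addslashes($value) . '">';
}

// Working: encode for the attribute context. ENT_QUOTES also encodes ',
// so the markup holds whichever quote character delimits the attribute.
function hidden_encoded(string $name, string $value): string
{
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

foreach ($samples as $s) {
    $bad  = parsed_value(hidden_addslashes('details', $s));
    $good = parsed_value(hidden_encoded('details', $s));
    printf("input : %s\n", $s);
    printf("  addslashes       -> %s (%s)\n", $bad, $bad === $s ? 'intact' : 'changed');
    printf("  htmlspecialchars -> %s (%s)\n", $good, $good === $s ? 'intact' : 'changed');
}
```

The browser submits the decoded, original text, so the query that stores it still needs its own escaping or a bound parameter; HTML encoding does not provide that.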