Page 1 of 1

\ inserted when user input '

Posted: Fri Dec 20, 2002 11:34 am
by justinb
Hello,
i have a form that inserts peole into database, when they have been inserted they go to a page which shows all information that was inserted. But if anyone uses a ' apostopy, the show page dosplays this

name''s

the db info is right, but whats happeneing is that people are telling me their is a mistake because of the \ anyway to get rid of this

exapmle of input page

<tr valign="top" bgcolor="#FFFFFF">
<td><font size="2" face="Arial, Helvetica, sans-serif">Business Name:</font></td>
<td> <font size="2" face="Arial, Helvetica, sans-serif">
<input name="busName" type="text" id="businessName" size="35" maxlength="75">
</font></td>
</tr>


example of showing inouted results page

<td width="249"><strong><font size="2" face="Arial, Helvetica, sans-serif">Business
Name: </font></strong></td>
<td width="238"><? echo "$busName"; ?></td>
</tr>

Posted: Fri Dec 20, 2002 11:45 am
by nathus
look up stripslashes() on php.net

Posted: Fri Dec 20, 2002 4:26 pm
by justinb
thanks again nathus,
But how do i use them, i tried this

<input name="busName" type="text" id="businessName" size="35" maxlength="75" value="<? echo(stripslashes("$busName";)) ?>">

but i get an error

Posted: Fri Dec 20, 2002 5:00 pm
by Next_Gate
the same happens to me but when i insert a " double quote... when i use the single quote i receive a mysql db error

Posted: Fri Dec 20, 2002 5:10 pm
by hob_goblin
just:

Code: Select all

<? echo stripslashes($var); ?>

Posted: Fri Dec 20, 2002 5:24 pm
by justinb
u da goblin

thanks

Posted: Fri Dec 20, 2002 6:19 pm
by Next_Gate
that worked great.. and what about the single quote(')??? how can prevent that for breaking the sql query!

Posted: Sat Dec 21, 2002 3:48 pm
by hob_goblin
if you're talking about how it needs slashes in the query, there is also the function addslashes()