parsing ' and "

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
funkymeerkat
Forum Newbie
Posts: 18
Joined: Sun Jun 13, 2004 4:16 am

parsing ' and "

Post by funkymeerkat »

Good Evening all.

Can anyone help me with this problem. Been racking my brain all day trying different things but just cannot get there.

Basically i have a form where people can submit notes. I dont want to stop them from putting in ' or " if they need to.

The problem comes when they try to view the results.

The ' appears with a \ in front like \' and where the " was added it is not in the results or anything after it.

I have looked into this magic quotes and stripslashes etc but am getting no where. I have magic quotes switched on.

The code i am using to display the results is:

<?php

$issue_team=$_GET['issue_team'];
$today = date("d/m/Y");

include("login_details.inc");

mysql_connect ($dbhost, $dbuser, $dbpass) or die (mysql_error()); //Connects to database

mysql_select_db ($dbname) or die (mysql_error()); //Selects your database



$sql = "SELECT * FROM issues where issue_status = 'Live' and issue_date = '$today' and issue_team = '$issue_team' order by issue_time desc";



$result = mysql_query($sql);

//echo $sql;

if (!$result) {
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}

if (mysql_num_rows($result) == 0) {
echo "<table border=0 cellpadding=3 cellspacing=3><tr><td><font face=Verdana size=1 color=#000000>No Issues Live</font></td></tr></table><br>";

}

// While a row of data exists, put that row in $row as an associative array
// Note: If you're expecting just one row, no need to use a loop
// Note: If you put extract($row); inside the following loop, you'll
// then create $userid, $fullname, and $userstatus etc
while ($row = mysql_fetch_assoc($result))

{
echo "<table border=0 cellpadding=3 cellspacing=3><tr>";
echo "<td><font face=verdana size=1 color=#000000><b>";
echo $row["issue_subject"];
echo "</b></td></tr><tr><td><font face=Verdana size=1>";
echo $row["issue_content"];
echo "</font></td>";
echo "</tr></table><br>";

}

mysql_free_result($result);

mysql_close();


?>


Can someone give me an indication of where i should add the relevant based on my code. I'm sure i'll understand it once shown. Would be much appreciated.

Cheers,

Paul
User avatar
Popcorn
Forum Commoner
Posts: 55
Joined: Fri Feb 21, 2003 5:19 am

Re: parsing ' and "

Post by Popcorn »

first thing: turn magic quotes off.

have a look again after turning it off. i am sure you'll find the problem with some simple debug statements to print POST/GET values. it means that you will have to handle all escaping yourself, but your code alone will have control, and it is something you have already found you need to do.

i don't think i have seen anybody advocate magic quotes. the main problem is having to assume the data you receive has has some 'processing' already applied. your code will have to rely on magic quotes wherever you move it. plus, from a conceptual standpoint, by the time the input hits your code, it is already not the 'real' input. personally, i have a little fn that checks if magic quotes is on (accidentally or if my code moves to another installation) and if so, changes the quoted input back to its original submitted value.

happy hunting.
wpsd2006
Forum Commoner
Posts: 66
Joined: Wed Jan 07, 2009 12:43 am

Re: parsing ' and "

Post by wpsd2006 »

use html_entities ... it's a php function
Post Reply