Good Evening all.
Can anyone help me with this problem? Been racking my brain all day trying different things but just cannot get there.
Basically I have a form where people can submit notes. I don't want to stop them from putting in ' or " if they need to.
The problem comes when they try to view the results.
The ' appears with a \ in front like \' and where the " was added it is not in the results or anything after it.
I have looked into this magic quotes and stripslashes etc but am getting nowhere. I have magic quotes switched on.
The code I am using to display the results is:
<?php
$issue_team = $_GET['issue_team'];
$today = date("d/m/Y");
include("login_details.inc");
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); // Connects to database
mysql_select_db($dbname) or die(mysql_error()); // Selects your database
$sql = "SELECT * FROM issues where issue_status = 'Live' and issue_date = '$today' and issue_team = '$issue_team' order by issue_time desc";
$result = mysql_query($sql);
//echo $sql;
if (!$result) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}
if (mysql_num_rows($result) == 0) {
    echo "<table border=0 cellpadding=3 cellspacing=3><tr><td><font face=Verdana size=1 color=#000000>No Issues Live</font></td></tr></table><br>";
}
// While a row of data exists, put that row in $row as an associative array
// Note: If you're expecting just one row, no need to use a loop
// Note: If you put extract($row); inside the following loop, you'll
// then create $userid, $fullname, and $userstatus etc
while ($row = mysql_fetch_assoc($result))
{
    echo "<table border=0 cellpadding=3 cellspacing=3><tr>";
    echo "<td><font face=verdana size=1 color=#000000><b>";
    echo $row["issue_subject"];
    echo "</b></td></tr><tr><td><font face=Verdana size=1>";
    echo $row["issue_content"];
    echo "</font></td>";
    echo "</tr></table><br>";
}
mysql_free_result($result);
mysql_close();
?>
Can someone give me an indication of where I should add the relevant based on my code. I'm sure I'll understand it once shown. Would be much appreciated.
Cheers,
Paul
parsing ' and "
Re: parsing ' and "
first thing: turn magic quotes off.
have a look again after turning it off. i am sure you'll find the problem with some simple debug statements to print POST/GET values. it means that you will have to handle all escaping yourself, but your code alone will have control, and it is something you have already found you need to do.
i don't think i have seen anybody advocate magic quotes. the main problem is having to assume the data you receive has some 'processing' already applied. your code will have to rely on magic quotes wherever you move it. plus, from a conceptual standpoint, by the time the input hits your code, it is already not the 'real' input. personally, i have a little fn that checks if magic quotes is on (accidentally or if my code moves to another installation) and if so, changes the quoted input back to its original submitted value.
happy hunting.
Re: parsing ' and "
use html_entities ... it's a php function
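The two replies combined, as an added example that is not code from the thread: undo magic quotes on input when the installation applies them, bind the value in a prepared statement, and escape for HTML only when printing. The function names `raw_input_value`, `h`, `render_issue` and `live_issues` are hypothetical, PDO is swapped in for the `mysql_*` calls in the question, and the sample row is constructed.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; helper names are hypothetical and PDO replaces mysql_* (assumption).

// Undo magic quotes if the installation still applies them (PHP < 5.4).
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists guard.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return is_array($value) ? array_map('raw_input_value', $value)
                                : stripslashes($value);
    }
    return $value;
}

// Escape for the HTML context only at output time; ENT_QUOTES covers ' and ".
function h($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

function render_issue(array $row)
{
    return '<table border="0" cellpadding="3" cellspacing="3"><tr><td><b>'
         . h($row['issue_subject']) . '</b></td></tr><tr><td>'
         . h($row['issue_content']) . '</td></tr></table><br>';
}

// Prepared statement: quotes in the bound values never become part of the SQL text.
function live_issues(PDO $pdo, $team, $today)
{
    $stmt = $pdo->prepare(
        "SELECT issue_subject, issue_content FROM issues
          WHERE issue_status = 'Live' AND issue_date = ? AND issue_team = ?
          ORDER BY issue_time DESC"
    );
    $stmt->execute(array($today, $team));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Input is read once, in its originally submitted form.
$team = raw_input_value(isset($_GET['issue_team']) ? $_GET['issue_team'] : '');

// Constructed sample row, so the rendering can be tried without a database.
$sample = array('issue_subject' => "Paul's note", 'issue_content' => 'He said "hello" <b>');
echo render_issue($sample), "\n";
```

With a real connection, the loop in the question becomes `foreach (live_issues($pdo, $team, date("d/m/Y")) as $row) { echo render_issue($row); }`.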