Apostrophes
Moderator: General Moderators
Apostrophes
I have names in a table that, when pulled off onto a php page, you can click on to see all entries of each name. Some names have apostrophes, like O'Neal, but for them, it'll cut off at the character. What can I do to make certain characters like that "recognizable"?
The line that links to the name log page:
The name log page (pulling off all entries with a certain name)
Code: Select all
<a href='log_opp.php?name=$name' title='$name vs. Arkansas game log'>$name</a>Code: Select all
<?
$query = "SELECT DATE_FORMAT(date, '%c/%e/%Y') as prettydate,start,date,fg,fga,ft,fta,tfg,tfga,oreb,dreb,pf,tp,a,turn,blk,min,s,name,oppteam,treb from $userstable WHERE name = '$name' ORDER by date ASC";
$result = MYSQL_QUERY($query);
/* How many of these users are there? */
$number = MYSQL_NUMROWS($result);
/* Print these results to the screen in a nice format */
$i = 0;
IF ($number == 0) :
PRINT " ";
ELSEIF ($number > 0) :
PRINT "";
WHILE ($i < $number):
$name = mysql_result($result,$i,"name");
<<several other fields>>
PRINT "
<tr>
<td bgcolor='#ffffff'><font face='arial' size='-2'><a href='boxscore.php?date=$date' title='Click for complete stats from this game'>$prettydate</a></font></td>
<<rest of fields>>
</tr>
";
$i++;
ENDWHILE;
PRINT "";
ENDIF;
?>- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
pass $name through rawurlencode() before you echo it.
htmlentities() should work too.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
You need to escape your $name variable, because effectively, php sees:
you see how in the href attribute of the anchor tag the quote has been "closed" prematurely by the apostrophy in O'neal?
what you actually get is
Note, you should also escape this before you do a query with it, for the same reasons. Apostrophies can be dangerous with databases, if security is lax.
You can maybe use addslashes($name) to resolve the problem too.
Code: Select all
<a href='log_opp.php?name=O'neal' title='$name vs. Arkansas game log'>$name</a>what you actually get is
Code: Select all
<a href='log_opp.php?name=O' ...You can maybe use addslashes($name) to resolve the problem too.