Page 1 of 1

Apostrophes

Posted: Mon Jun 12, 2006 11:04 am
by j1982
I have names in a table that, when pulled off onto a php page, you can click on to see all entries of each name. Some names have apostrophes, like O'Neal, but for them, it'll cut off at the character. What can I do to make certain characters like that "recognizable"?

Posted: Mon Jun 12, 2006 11:18 am
by feyd
post your display code.

Posted: Mon Jun 12, 2006 11:38 am
by j1982
The line that links to the name log page:

Code: Select all

<a href='log_opp.php?name=$name' title='$name vs. Arkansas game log'>$name</a>
The name log page (pulling off all entries with a certain name)

Code: Select all

<?
$query = "SELECT DATE_FORMAT(date, '%c/%e/%Y') as prettydate,start,date,fg,fga,ft,fta,tfg,tfga,oreb,dreb,pf,tp,a,turn,blk,min,s,name,oppteam,treb from $userstable WHERE name = '$name' ORDER by date ASC";

$result = MYSQL_QUERY($query);

/* How many of these users are there? */
$number = MYSQL_NUMROWS($result);

/* Print these results to the screen in a nice format */
$i = 0;

IF ($number == 0) :
	PRINT " ";
ELSEIF ($number > 0) :
	PRINT "";
	WHILE ($i < $number):
		$name = mysql_result($result,$i,"name");
<<several other fields>>
		PRINT "
	<tr>
	<td bgcolor='#ffffff'><font face='arial' size='-2'><a href='boxscore.php?date=$date' title='Click for complete stats from this game'>$prettydate</a></font></td>
<<rest of fields>>
	</tr>
";
		$i++;
	ENDWHILE;
		PRINT "";
ENDIF;

?>

Posted: Mon Jun 12, 2006 11:45 am
by feyd
pass $name through rawurlencode() before you echo it.

Posted: Mon Jun 12, 2006 12:14 pm
by pickle
htmlentities() should work too.

Posted: Mon Jun 12, 2006 12:21 pm
by GM
You need to escape your $name variable, because effectively, php sees:

Code: Select all

<a href='log_opp.php?name=O'neal' title='$name vs. Arkansas game log'>$name</a>
you see how in the href attribute of the anchor tag the quote has been "closed" prematurely by the apostrophy in O'neal?

what you actually get is

Code: Select all

<a href='log_opp.php?name=O' ...
Note, you should also escape this before you do a query with it, for the same reasons. Apostrophies can be dangerous with databases, if security is lax.

You can maybe use addslashes($name) to resolve the problem too.

Posted: Mon Jun 12, 2006 12:39 pm
by j1982
Thanks for the input... will do some adjusting.