Page 1 of 1
Apostrophes
Posted: Mon Jun 12, 2006 11:04 am
by j1982
I have names in a table that, when pulled off onto a php page, you can click on to see all entries of each name. Some names have apostrophes, like O'Neal, but for them, it'll cut off at the character. What can I do to make certain characters like that "recognizable"?
Posted: Mon Jun 12, 2006 11:18 am
by feyd
post your display code.
Posted: Mon Jun 12, 2006 11:38 am
by j1982
The line that links to the name log page:
Code: Select all
<a href='log_opp.php?name=$name' title='$name vs. Arkansas game log'>$name</a>
The name log page (pulling off all entries with a certain name)
Code: Select all
<?
$query = "SELECT DATE_FORMAT(date, '%c/%e/%Y') as prettydate,start,date,fg,fga,ft,fta,tfg,tfga,oreb,dreb,pf,tp,a,turn,blk,min,s,name,oppteam,treb from $userstable WHERE name = '$name' ORDER by date ASC";
$result = MYSQL_QUERY($query);
/* How many of these users are there? */
$number = MYSQL_NUMROWS($result);
/* Print these results to the screen in a nice format */
$i = 0;
IF ($number == 0) :
PRINT " ";
ELSEIF ($number > 0) :
PRINT "";
WHILE ($i < $number):
$name = mysql_result($result,$i,"name");
<<several other fields>>
PRINT "
<tr>
<td bgcolor='#ffffff'><font face='arial' size='-2'><a href='boxscore.php?date=$date' title='Click for complete stats from this game'>$prettydate</a></font></td>
<<rest of fields>>
</tr>
";
$i++;
ENDWHILE;
PRINT "";
ENDIF;
?>
Posted: Mon Jun 12, 2006 11:45 am
by feyd
pass $name through
rawurlencode() before you echo it.
Posted: Mon Jun 12, 2006 12:14 pm
by pickle
htmlentities() should work too.
Posted: Mon Jun 12, 2006 12:21 pm
by GM
You need to escape your $name variable, because effectively, php sees:
Code: Select all
<a href='log_opp.php?name=O'neal' title='$name vs. Arkansas game log'>$name</a>
you see how in the href attribute of the anchor tag the quote has been "closed" prematurely by the apostrophy in O'neal?
what you actually get is
Note, you should also escape this before you do a query with it, for the same reasons. Apostrophies can be dangerous with databases, if security is lax.
You can maybe use addslashes($name) to resolve the problem too.
Posted: Mon Jun 12, 2006 12:39 pm
by j1982
Thanks for the input... will do some adjusting.