[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Escaping both single AND double quotes simultaneously?

Posted on 1999-11-15
10
Medium Priority
?
226 Views
Last Modified: 2010-04-09
I am populating a form using PHP to display the current values of the fields for editing.  Example code:

print(" <form> <input type=text name='my_field' value='$my_value'> </form> ");

But if $my_value contains a quote, the value gets truncated.  I could switch the single and double quotes, but will always have a problem with one or the other.

All I can think of is to run $my_value through a script to replace all occurences of quotation marks with &quot.  This causes a significant performance hit, and I'm wondering if there isn't a faster more efficient solution to this problem.

I've searched previous answers on this site, but couldn't find anything that worked.  Someone mentioned "triple quotes"... I'm not familiar with these, but if it means a single followed by double quote (or vice versa) then I've tried it and it doesn't work.

Thanks in advance...
0
Comment
Question by:dhuggy
10 Comments
 
LVL 4

Expert Comment

by:Palamedes
ID: 2209553
I dont know PHP very well but shouldn't you be able to write...

print(" <form> <input type=text name='my_field' value='" + $my_value + "'> </form> ");

or

print(" <form> <input type=text name='my_field' value='");
print($my_value);
print("'> </form> ");

Just a thought..
0
 

Author Comment

by:dhuggy
ID: 2209584
No... the PHP is processed on the server side, so all the client browser would see is:

<form> <input type=text name='my_field' value='$my_value'>
</form>

i.e., same problem as above.

(FYI, the first suggestion you gave is improper PHP syntax... but the second one is correct.  Thanks for the try anyway!)
0
 
LVL 2

Expert Comment

by:freshmeat
ID: 2210083
try this:
<form ...>
 <input type=text name='my_field' value='<?echo $my_value;?>'>
</form>

good luck!
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 4

Expert Comment

by:oubelkas
ID: 2210351
freshmeat's right! I work a lot with PHP, and the way freshmeat gave is the one.

Joseph
0
 
LVL 5

Expert Comment

by:mayhew
ID: 2211522
That's still going to give you a problem if $my_value has a single quote in it.

dhuggy, I'm sorry, but the only way to fix this problem is exactly what you said.  You need functionality to strip out the single quotes from your $my_value variable.

I've come up against this problem in php and asp and that's the only way to fix it.  You've got to get rid of the tick marks in the string variable.

But it shouldn't be that bad.  All you need is a function that you pass the variable into that returns the variable without tick marks.

It's been a while since I've worked with php, but if you need it I can whip up an example.

0
 

Author Comment

by:dhuggy
ID: 2211839
Freshmeat, note that this is all contained in a print statement (which is under an if statement).  So, to adapt your idea, I came up with...


print("<form ...> <input type=text name='my_field' value='");

echo $my_value;

print("'> </form>");


But this leaves me in the same hole as before.  Any single quote within the $my_value variable will be interpreted on the client side as the end of the value clause.
0
 
LVL 5

Expert Comment

by:mayhew
ID: 2211914
I think I see the answer to your question.

Sorry this took so long, but I was missing the point.  I thought the problem was centered on eventually putting the form info into a database and that *that* was the problem.

If all you're talking about is display in the form, then the solution might be easy.

You'll note that in PHP you don't have to use a print statement to write data to your html page.

E.g. (forgive my rusty syntax)

<?
if(condition){
?>

<form>
 <input type=text name="my_field" value="<?echo $my_value;?>">
</form>

<?
}
else {
....
}
?>

You can go in and out of php script at will.  It will still get processed properly on the server.

That way you can surround your $my_value with double quotes instead of single quotes as freshmeat suggested and your problem should be solved.


Let me know if that clears it up.
0
 

Author Comment

by:dhuggy
ID: 2213415
Hmm... well, it seems that clears up the single quote problem, but it creates a problem with double quotes.  I'm looking for something that would solve BOTH problems, but unless there is some other delimiter I can use besides quotes then it appears I am out of luck.  Something like:

<form>
<input type=text name="my_field" value=^$my_value^>
</form>

Except that carat marks don't work as delimiters, but you get the idea. Basically, no matter WHAT delimiter I use, I can't use that same character within the $my_value variable.  If this is true, I need to send all input through a script that replaces the appropriate characters with their entity values... a performance hit that I wanted to avoid, but that I must take.

That is, unless anyone has any additional suggestions.....?
0
 
LVL 5

Accepted Solution

by:
mayhew earned 120 total points
ID: 2215972
So you're saying that $my_value might have single *and* double quotes?

If that's the case, I don't see *any* way around the replace script.

As you suggest, there is no other delimiter.
0
 

Author Comment

by:dhuggy
ID: 2217644
Thankx for the help everyone... I ended up using the PHP function ereg_replace to change all of the single quotes to &#039.  I was hoping there was some other delimiter I could use around my value, but alas it appears not.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question