dhuggy

asked on

Escaping both single AND double quotes simultaneously?

I am populating a form using PHP to display the current values of the fields for editing.  Example code:

print(" <form> <input type=text name='my_field' value='$my_value'> </form> ");

But if $my_value contains a quote, the value gets truncated.  I could switch the single and double quotes, but will always have a problem with one or the other.

All I can think of is to run $my_value through a script to replace all occurrences of quotation marks with &quot.  This causes a significant performance hit, and I'm wondering if there isn't a faster more efficient solution to this problem.

I've searched previous answers on this site, but couldn't find anything that worked.  Someone mentioned "triple quotes"... I'm not familiar with these, but if it means a single followed by double quote (or vice versa) then I've tried it and it doesn't work.

Thanks in advance...
Palamedes

I don't know PHP very well but shouldn't you be able to write...

print(" <form> <input type=text name='my_field' value='" + $my_value + "'> </form> ");

or

print(" <form> <input type=text name='my_field' value='");
print($my_value);
print("'> </form> ");

Just a thought..
dhuggy

ASKER

No... the PHP is processed on the server side, so all the client browser would see is:

<form> <input type=text name='my_field' value='$my_value'>
</form>

i.e., same problem as above.

(FYI, the first suggestion you gave is improper PHP syntax... but the second one is correct.  Thanks for the try anyway!)
freshmeat

try this:
<form ...>
 <input type=text name='my_field' value='<?echo $my_value;?>'>
</form>

good luck!

freshmeat's right! I work a lot with PHP, and the way freshmeat gave is the one.

Joseph

That's still going to give you a problem if $my_value has a single quote in it.

dhuggy, I'm sorry, but the only way to fix this problem is exactly what you said.  You need functionality to strip out the single quotes from your $my_value variable.

I've come up against this problem in php and asp and that's the only way to fix it.  You've got to get rid of the tick marks in the string variable.

But it shouldn't be that bad.  All you need is a function that you pass the variable into that returns the variable without tick marks.

It's been a while since I've worked with php, but if you need it I can whip up an example.

dhuggy

ASKER

Freshmeat, note that this is all contained in a print statement (which is under an if statement).  So, to adapt your idea, I came up with...


print("<form ...> <input type=text name='my_field' value='");

echo $my_value;

print("'> </form>");


But this leaves me in the same hole as before.  Any single quote within the $my_value variable will be interpreted on the client side as the end of the value clause.

I think I see the answer to your question.

Sorry this took so long, but I was missing the point.  I thought the problem was centered on eventually putting the form info into a database and that *that* was the problem.

If all you're talking about is display in the form, then the solution might be easy.

You'll note that in PHP you don't have to use a print statement to write data to your html page.

E.g. (forgive my rusty syntax)

<?
if(condition){
?>

<form>
 <input type=text name="my_field" value="<?echo $my_value;?>">
</form>

<?
}
else {
....
}
?>

You can go in and out of php script at will.  It will still get processed properly on the server.

That way you can surround your $my_value with double quotes instead of single quotes as freshmeat suggested and your problem should be solved.


Let me know if that clears it up.
dhuggy

ASKER

Hmm... well, it seems that clears up the single quote problem, but it creates a problem with double quotes.  I'm looking for something that would solve BOTH problems, but unless there is some other delimiter I can use besides quotes then it appears I am out of luck.  Something like:

<form>
<input type=text name="my_field" value=^$my_value^>
</form>

Except that caret marks don't work as delimiters, but you get the idea. Basically, no matter WHAT delimiter I use, I can't use that same character within the $my_value variable.  If this is true, I need to send all input through a script that replaces the appropriate characters with their entity values... a performance hit that I wanted to avoid, but that I must take.

That is, unless anyone has any additional suggestions.....?
ASKER CERTIFIED SOLUTION
mayhew

This solution is only available to members.
dhuggy

ASKER

Thanks for the help everyone... I ended up using the PHP function ereg_replace to change all of the single quotes to &#039.  I was hoping there was some other delimiter I could use around my value, but alas it appears not.
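
Added example, not part of the original thread or any poster's code: the entity-replacement approach discussed above, done with PHP's built-in htmlspecialchars() and ENT_QUOTES so that single and double quotes are both encoded in one call. The sample values are constructed, and the read-back check assumes PHP's DOM extension is installed.

```php
<?php
// Added example: field name and sample values are constructed for illustration.

// Naive rendering, as in the thread: the value is dropped between single quotes.
function render_naive(string $value): string
{
    return "<form> <input type=text name='my_field' value='" . $value . "'> </form>";
}

// Escaped rendering: ENT_QUOTES encodes both ' (&#039;) and " (&quot;),
// plus &, < and >, so the choice of attribute delimiter no longer matters.
function render_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return "<form> <input type=text name='my_field' value='" . $safe . "'> </form>";
}

// Parse the markup with an HTML parser and report what the input element ends up with.
function inspect_input(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the naive output may be malformed
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'value'    => $input->getAttribute('value'),
        'disabled' => $input->hasAttribute('disabled'),
    ];
}

$samples = [
    'Say "hi", it\'s 5 o\'clock',   // both quote types in one value
    "x' disabled='",                // closes the attribute and adds another one
];

foreach ($samples as $value) {
    foreach (['naive' => 'render_naive', 'escaped' => 'render_escaped'] as $label => $fn) {
        $seen = inspect_input($fn($value));
        printf("%-7s intact=%s extra_attr=%s\n", $label,
            var_export($seen['value'] === $value, true),
            var_export($seen['disabled'], true));
    }
}
```

The second sample shows why this is more than a display glitch: without escaping, a stored value can add attributes to the element, which is the same mechanism that allows script injection through form fields.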