bmh777
asked on
stripslashes( ) and double quotes
Using this code:
reset($_POST);
while(list($key,$val) = each($_POST)){
if(is_string($val))
$_POST[$key] = stripslashes($val);
}
double quotes are always removed from my text box entries. So:
e"
becomes
e
after a POST. Why is that happening? (single quotes and backslashes are fine)
bmh
reset($_POST);
while(list($key,$val) = each($_POST)){
if(is_string($val))
$_POST[$key] = stripslashes($val);
}
double quotes are always removed from my text box entries. So:
e"
becomes
e
after a POST. Why is that happening? (single quotes and backslashes are fine)
bmh
ASKER
I'm using:
reset($_POST);
echo "<br><pre>POST Superglobal Array<br>";
var_dump($_POST);
echo "</pre>";
to see what's in the array. Every thing is fine in the array. The form entry:
e"
is stored in the POST array as
e"
but is displayed as
e
This happens in both IE 6 and NN 6.
I think I do have error_reporting set to E_ALL. How do I check?
bmh
reset($_POST);
echo "<br><pre>POST Superglobal Array<br>";
var_dump($_POST);
echo "</pre>";
to see what's in the array. Every thing is fine in the array. The form entry:
e"
is stored in the POST array as
e"
but is displayed as
e
This happens in both IE 6 and NN 6.
I think I do have error_reporting set to E_ALL. How do I check?
bmh
What's the code that you're using to display e" ??
I'm thinking you've got a problem where you're echoing your post output into an html tag that doesn't like quotes. You should probably try to display e" first by running it through the htmlentities() function:
echo htmlentities($_POST[$key],
Ie. I'm guessing you have code like this, right?
echo "<option value=\"" . $_POST[$key] . "\">" . $_POST[$key] . "</option>\n";
If so, then the HTML produced from your e" example will be:
<option value="e"">e"</option>
or some such nonsense.
the point is, you'll want it to look like this:
<option value="e"">e"</o
which the htmlentities function will do for you.
Post the code which you're using to display $_POST[$key] with as well as your resulting HTML (view the source to see). Using NN6+, the source will be colorized so that you can see your html errors better.
I think you can just do this to see which error reporting level you're at:
echo error_reporting(); // ie call the function without an argument. however, i'm just guessing here.
however, you can set error_reporting(E_ALL); at any time which will guarentee you're seeing all of the error messages coming from your script.
ASKER
reset($_POST);
while(list($key,$val) = each($_POST)){
if(is_string($val))
$_POST[$key] = stripslashes($val);
}
extract($_POST);
<tr>
<td height="15" bgcolor="#F0F8FF"></td>
<td height="15" colspan="3" valign="top" bgcolor="#F8F0D8">
<input type="text" name="first_name" value="$first_name">
<input type="text" name="middle_name" value="$middle_name" >
<input type="text" name="last_name" value="$last_name"></td>
</tr>
I'm using var_dump($_POST) for debugging only. So the echo isn't the problem. I enter "e"", click submit, and "e" is re-POSTed to the text box. As I said this is baffling because "e'" and "e/" are returned correctly.
php.ini settings
------------------
magic_quotes_gpc=On
magic_quotes_runtime=Off
magic_quotes_sybase=Off
while(list($key,$val) = each($_POST)){
if(is_string($val))
$_POST[$key] = stripslashes($val);
}
extract($_POST);
<tr>
<td height="15" bgcolor="#F0F8FF"></td>
<td height="15" colspan="3" valign="top" bgcolor="#F8F0D8">
<input type="text" name="first_name" value="$first_name">
<input type="text" name="middle_name" value="$middle_name" >
<input type="text" name="last_name" value="$last_name"></td>
</tr>
I'm using var_dump($_POST) for debugging only. So the echo isn't the problem. I enter "e"", click submit, and "e" is re-POSTed to the text box. As I said this is baffling because "e'" and "e/" are returned correctly.
php.ini settings
------------------
magic_quotes_gpc=On
magic_quotes_runtime=Off
magic_quotes_sybase=Off
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Double quotes are special and usually get converted to %22 by your browser. (This is similar to spaces getting converted to %20). Is this why you're experiencing problems?
if you could do something like this, you'd see what's in your $_POST array:
echo "<pre>\n";
print_r($_POST);
echo "</pre>\n";
Also, it never hurts to have:
error_reporting(E_ALL);
in your script while you're debugging.
Adam