?
Solved

stripslashes( ) and double quotes

Posted on 2003-03-18
5
Medium Priority
?
556 Views
Last Modified: 2013-12-12
Using this code:

reset($_POST);
while(list($key,$val) = each($_POST)){
  if(is_string($val))
    $_POST[$key] = stripslashes($val);
}

double quotes are always removed from my text box entries.  So:

e"

becomes

e

after a POST. Why is that happening? (single quotes and backslashes are fine)

bmh
0
Comment
Question by:bmh777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 2

Expert Comment

by:bobsledbob
ID: 8164651

Double quotes are special and usually get converted to %22 by your browser.  (This is similar to spaces getting converted to %20).  Is this why you're experiencing problems?

if you could do something like this, you'd see what's in your $_POST array:

  echo "<pre>\n";
  print_r($_POST);
  echo "</pre>\n";

Also, it never hurts to have:

  error_reporting(E_ALL);

in your script while you're debugging.

Adam
0
 

Author Comment

by:bmh777
ID: 8169115
I'm using:

reset($_POST);
echo "<br><pre>POST Superglobal Array<br>";
var_dump($_POST);
echo "</pre>";

to see what's in the array. Every thing is fine in the array. The form entry:

e"

is stored in the POST array as

e"

but is displayed as

e

This happens in both IE 6 and NN 6.

I think I do have error_reporting set to E_ALL. How do I check?

bmh
0
 
LVL 2

Expert Comment

by:bobsledbob
ID: 8169249

What's the code that you're using to display e" ??

I'm thinking you've got a problem where you're echoing your post output into an html tag that doesn't like quotes.  You should probably try to display e" first by running it through the htmlentities() function:

echo htmlentities($_POST[$key], ENT_QUOTES);

Ie. I'm guessing you have code like this, right?

echo "<option value=\"" . $_POST[$key] . "\">" . $_POST[$key] . "</option>\n";

If so, then the HTML produced from your e" example will be:

<option value="e"">e"</option>

or some such nonsense.

the point is, you'll want it to look like this:

<option value="e&quot;">e&quot;</option>

which the htmlentities function will do for you.

Post the code which you're using to display $_POST[$key] with as well as your resulting HTML (view the source to see).  Using NN6+, the source will be colorized so that you can see your html errors better.

I think you can just do this to see which error reporting level you're at:

echo error_reporting();  // ie call the function without an argument.  however, i'm just guessing here.

however, you can set error_reporting(E_ALL); at any time which will guarentee you're seeing all of the error messages coming from your script.

0
 

Author Comment

by:bmh777
ID: 8172276
reset($_POST);
while(list($key,$val) = each($_POST)){
  if(is_string($val))
    $_POST[$key] = stripslashes($val);
}

extract($_POST);

<tr>
  <td height="15" bgcolor="#F0F8FF"></td>
  <td height="15" colspan="3" valign="top" bgcolor="#F8F0D8">
    <input type="text" name="first_name" value="$first_name">
    <input type="text" name="middle_name" value="$middle_name" > 
    <input type="text" name="last_name" value="$last_name"></td>
</tr>

I'm using var_dump($_POST) for debugging only. So the echo isn't the problem. I enter "e"",  click submit, and "e" is re-POSTed to the text box. As I said this is baffling because "e'" and "e/" are returned correctly.

php.ini settings
------------------
magic_quotes_gpc=On
magic_quotes_runtime=Off
magic_quotes_sybase=Off
0
 
LVL 2

Accepted Solution

by:
bobsledbob earned 300 total points
ID: 8174895

my last message correctly identified the problem.  Look at your html source code and see what you're getting when you enter e"

For instance, if you have set first_name to e" , then your rendered html code is going to look like this:

<input type="text" name="first_name" value="e"">

Get it?  the quote that you've supplied is going to end the 'value' attribute of your input text box.  As far as the html that you've generated is concerned, you've got too many quotes " in your tag.

modify your while loop to:

while(list($key,$val) = each($_POST)){
 if(is_string($val))
   $_POST[$key] = htmlentities(stripslashes($val), ENT_QUOTES);
}

and you should be fine.  


please read the PHP manual page:

http://www.php.net/manual/en/function.htmlentities.php

this gives you information on the function that will escape special html characters, such as "

0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question