• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 419
  • Last Modified:

PHP stripslashes exception

Let says I have: $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""

Now I have a form:

<input type='hidden' name='location' value='<?php echo $myvar; ?>'>

This would produce a problem, because $myvar has only " escaped, and not '. So what I need to do is unescape " and escape '

Is there an efficient way to do this? I am not consistent in my solution to this problem, and I worry that it is creating bugs in my codes.
0
sypder
Asked:
sypder
  • 4
  • 3
  • 3
  • +1
2 Solutions
 
Julian MatzJoint ChairpersonCommented:
Hi!

When displaying $myvar, you can simply use following:

<?php echo stripslashes($myvar); ?>
0
 
Julian MatzJoint ChairpersonCommented:
Sorry, I think I misread the question... Hang on...
0
 
sypderAuthor Commented:
But that won't work in this case:
<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value='<?php echo stripslashes($myvar); ?>'>
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
sypderAuthor Commented:
We both posted at the same time...
0
 
Julian MatzJoint ChairpersonCommented:
:)

I understand the problem, and I'm thinking about it, but I'm not coming up with anything because whether or not the single quote is escaped, it will still be written into the HTML code which will mess it up...

The only solution I can think of is to use str_replace(), which would just remove the single quote...

str_replace("'", " ", $myvar);

This should replace ' with an empty space...

0
 
Sudaraka WijesingheWeb Application ProgrammerCommented:
I'd recommend using double quote (") to mark html tag parameter data boundries.

this will work preserving the data as exactly as it is

----------------------------------------------------------------------------------------------------------------------------------
<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value="<?php echo str_replace("\"", "&quot;", $myvar); ?>">
----------------------------------------------------------------------------------------------------------------------------------

Note: I have replaced double quotes in the data with &quot;, when you post this data to server side it'll go in as "
0
 
ClickCentricCommented:
Try:

<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value="<?php echo htmlentities($myvar); ?>">
0
 
ClickCentricCommented:
For historical purposes, htmlentities should convert any and all 'special' html characters to their html-safe counterparts.  Such as changing " to &quot;
0
 
sypderAuthor Commented:
I think the htmlentities solves my problem, and addresses it in a general way.
0
 
ClickCentricCommented:
Glad I could help.  Ironically, after posting the message above, I realized that I wasn't accounting for this on the project I'm working on right now.  So I managed to help myself at the same time.
0
 
sypderAuthor Commented:
Yeah, this always comes up for me after the form validation is performed and there is an error. I figured this would be one of the things to get right. Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now