?
Solved

PHP stripslashes exception

Posted on 2006-05-18
11
Medium Priority
?
407 Views
Last Modified: 2010-08-05
Let says I have: $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""

Now I have a form:

<input type='hidden' name='location' value='<?php echo $myvar; ?>'>

This would produce a problem, because $myvar has only " escaped, and not '. So what I need to do is unescape " and escape '

Is there an efficient way to do this? I am not consistent in my solution to this problem, and I worry that it is creating bugs in my codes.
0
Comment
Question by:sypder
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 21

Expert Comment

by:Julian Matz
ID: 16711229
Hi!

When displaying $myvar, you can simply use following:

<?php echo stripslashes($myvar); ?>
0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 16711245
Sorry, I think I misread the question... Hang on...
0
 
LVL 3

Author Comment

by:sypder
ID: 16711246
But that won't work in this case:
<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value='<?php echo stripslashes($myvar); ?>'>
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:sypder
ID: 16711268
We both posted at the same time...
0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 16711363
:)

I understand the problem, and I'm thinking about it, but I'm not coming up with anything because whether or not the single quote is escaped, it will still be written into the HTML code which will mess it up...

The only solution I can think of is to use str_replace(), which would just remove the single quote...

str_replace("'", " ", $myvar);

This should replace ' with an empty space...

0
 
LVL 18

Assisted Solution

by:Sudaraka Wijesinghe
Sudaraka Wijesinghe earned 200 total points
ID: 16725235
I'd recommend using double quote (") to mark html tag parameter data boundries.

this will work preserving the data as exactly as it is

----------------------------------------------------------------------------------------------------------------------------------
<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value="<?php echo str_replace("\"", "&quot;", $myvar); ?>">
----------------------------------------------------------------------------------------------------------------------------------

Note: I have replaced double quotes in the data with &quot;, when you post this data to server side it'll go in as "
0
 
LVL 10

Accepted Solution

by:
ClickCentric earned 800 total points
ID: 16730965
Try:

<?php $myvar = "Paul O'Gorman stores his files in \"C:\Program Files\""; ?>

<input type='hidden' name='location' value="<?php echo htmlentities($myvar); ?>">
0
 
LVL 10

Expert Comment

by:ClickCentric
ID: 16730972
For historical purposes, htmlentities should convert any and all 'special' html characters to their html-safe counterparts.  Such as changing " to &quot;
0
 
LVL 3

Author Comment

by:sypder
ID: 16731105
I think the htmlentities solves my problem, and addresses it in a general way.
0
 
LVL 10

Expert Comment

by:ClickCentric
ID: 16731119
Glad I could help.  Ironically, after posting the message above, I realized that I wasn't accounting for this on the project I'm working on right now.  So I managed to help myself at the same time.
0
 
LVL 3

Author Comment

by:sypder
ID: 16731129
Yeah, this always comes up for me after the form validation is performed and there is an error. I figured this would be one of the things to get right. Thanks again.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Suggested Courses
Course of the Month14 days, 22 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question