Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

dealing with apostrophes when inserting and reading from a postgreSQL database

Posted on 2006-07-12
8
Medium Priority
?
435 Views
Last Modified: 2013-12-12
Hi,

I am using this code:

echo "<input type='text' name='passwordquestion' value='".htmlspecialchars(stripslashes(trim($row['passwordquestion'])))."' size='50'>";

when displaying a field from a database which may include an apostrophe within the text.  If the text is "Mother's maiden name" then it is only showing the word Mother in the box displayed on screen, but if you view the source of the page, the value of the field is the full text.

When I am adding the value into the database, I am using this code around the data:

$mypwdQn = $_POST['passwordquestion'];
$mypwdQn = addslashes($mypwdQn);

The data is added fine into the database.

Can someone please help me to get the data to display correctly in the input box?

Thanks heaps,
Heather
0
Comment
Question by:hmaloney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 5

Expert Comment

by:koolie
ID: 17096119
That's the stripslashes function

<?php
$str = "Is your name O\'reilly?";

// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>
0
 

Author Comment

by:hmaloney
ID: 17096773
Thanks koolie, I'm using that functionality already as per my code, but it is not working.
0
 
LVL 5

Expert Comment

by:koolie
ID: 17099251
My mistake...What you could try doing is stripping the slashes before the data is inserted into the db rather than running all of the function commands from the input box.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Assisted Solution

by:ner0187
ner0187 earned 180 total points
ID: 17100336
Try getting rid of the htmlspecialchars() function when you're pulling it back from the database.

If you want to use this function, you should really execute it before inserting to the db.

Not sure if this will help, but it would be a better way of doing it, e.g. if you wanted to use the data somewhere else, to save on code etc.

All the best
0
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 180 total points
ID: 17101080
You should use htmlspecialchars( ), or better yet htmlentities( ) because it handles quotes better, on ALL input before it goes into the database.  This function replaces all special characters with their &nn html code equivalents, so be sure to allow extra room in the field lengths in the database for it (if they are not TEXT fields).

http://us2.php.net/manual/en/function.htmlentities.php

http://www.ascii.cl/htmlcodes.htm

Once you have done this, you can retrieve the info from the database and display it directly without any further manipulation (as ner0187 said).
0
 

Author Comment

by:hmaloney
ID: 17103848
Okay.....

I am now saving the text to the database field using the htmlentities( ) function, and it is putting a \ in front of the apostrophe.

Then, when I display the contents of that database field in a webpage it all turns out nicely.  However, when I display the text inside the value attribute of an input field, the text stops just before the apostrophe.  I tried it with and without htmlentities() around the value.

I'd appreciate your further help!

Thank you.
0
 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 17104423
Where is the backslash coming from?  htmlentities doesn't put it in.
0
 

Author Comment

by:hmaloney
ID: 17104826
ah!  I just discovered that the code I am using to do the SQL update is putting the apostrophe in itself....

hmmmmmm

so, if I have this text in my database "xyz\'xyz" and I want it to appear inside a value attribute like this:
<input type='text' name='myfield' value='xyz'xyz' > 

I've just worked out a way around this.... instead of putting all of the above in a echo statement, I am breaking out of the PHP code for all the HTML text, and just using PHP to print the value in between " "

Thanks for all your help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question