Problem with special characters in session variables

Hi,

I am using a session variable to store a field that contains a search spec and possible a date.  
The field could contain things like:
> 'fred'
or
= '01-JAN-2008'.
I also use the same session variable to redisplay that value back in the input field if the user hits the browser back button, but the special character causes the text to be truncated right at the special character...nothing in the string after that character displays.

Is there some way to use an escape character or something so that the entire string redisplays correctly?
LVL 2
abruskoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WarpsehCommented:
Which special character are you having trouble with?
0
nplibCommented:
that is caused at the form submission stage, not the variable assignment part.
if you go into your php.ini and enable magic quotes = on, then that will rectify your problem.

it will properly escape any characters that need it in form submission.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
abruskoAuthor Commented:
Warpseh, At the moment I am having trouble with the single quote (') and greater-than (>).

nplib,  I have an echo after I hit the submit button and the echo seems to show the variable ok.  Before I ask our admins to check php.ini, does my test indicate that it is already set as you suggest?

Thx,
Andy
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

nplibCommented:
no, it doesn't because your just echoing, and not re-encapsulating
0
WarpsehCommented:
Try doing an $_SESSION['asd'] = htmlentity($var) and then $var = html_entity_decode($_SESSION['asd']).
0
nplibCommented:
that will work, or at least should.

but why do something for every time you will ever need to do it, or do it once and never think about it again.
0
nplibCommented:
don't know about you, but when it comes to coding, I like to type as little as possible.
0
abruskoAuthor Commented:
"W",

It's not liking htmlentity for some reason....
0
abruskoAuthor Commented:
nplib,

I will check into our php.ini file and get back to you.

0
WarpsehCommented:
I agree with nplib on that one, but if changing the php.ini is too much trouble (sometime hosting services make it difficult for a user to request a change like that) and this is not a recurring need on your site programming, the htmlentities approach might be easier.
0
dr_dedoCommented:
what method you use in your form ? post or get ?
send code sample please
0
abruskoAuthor Commented:
All of my code so far is posted below.  Right now I am working on the formdate field.

I am heading to a meeting right now.  I have asked our admin to check php.ini.  I will pick this back up first thing tomorrow morning.

Thank you guys very much for your help so far...

Andy

<?php 
session_start();
if(!session_is_registered(myusername))
   {
   header("location:CIIdeasFormMainLogin.php");
   }
//ini_set('display_errors', 1);
//error_reporting(E_ALL);
$signon=$_SESSION['myusername'];
$password=$_SESSION['mypassword'];
$initiator = $_POST["initiator"];
$teamname = $_POST["teamname"];
$formdate = $_POST["formdate"];
$ideanumber = $_POST["ideanumber"];
$mansource = $_POST["mansource"];
$ideamission = $_POST["ideamission"];
$affected = $_POST["affected"];
$impidea = $_POST["impidea"];
$currsit = $_POST["currsit"];
$newidea = $_POST["newidea"];
$factors = $_POST["factors"];
session_register('initiator');
session_register('formdate');
if (!isset($_POST['search']) or isset($_POST['clear']))
{ // if page is not submitted to itself echo the form
//$null = null;
if (isset($_POST['clear']))
   {
    $_SESSION['formdate']=null;
    $s_formdate=$_SESSION['formdate'];
    $_SESSION['initiator']=null;
    $s_initiator=$_SESSION['initiator'];
   }
$s_formdate=$_SESSION['formdate'];
$s_initiator=$_SESSION['initiator'];
//echo "s_initiator=".$s_initiator."*";
?>
<html>
<head><title>Continuous Improvement Ideas Form</title>
<img src="abcd_logo.jpg" align=left hspace=0><img src="abcd_logo.jpg" align=right hspace=0><br><br><P style="font-size: 24pt; color: green" align="center"><b>Continuous Improvement Ideas</b>
<style>
 body
 {
 background: <?php echo '#FFFF99';?>;
 }
</style>
</head>
<body>
<form method="post" action="<?php echo $PHP_SELF;?>"> 
<hr noshade color=black>
<p style="text-align: center;"><font size=2><b>
COMPLETED FORMS ARE PROCESSED BY THE CONTINUOUS IMPROVEMENT GROUP
</font></b></p>
<hr size=4 noshade color=black>
 
<font size=4 color=red><b> 1) &nbsp;Mission Statement Section</b></font><br>
<font size=2 color=red><i>This section should outline the mission and goal of the idea.</i></font>
 
<table border=2 bordercolor=black >
 <tr>
  <td>
   <form method="post" action="<?php echo $PHP_SELF;?>">
   <font size=4 color=green><b>Date:&nbsp;
   <font size=4 color=black><b>
   <input type="text" size="21" maxlength="20" name="formdate" value='<?php echo "$s_formdate"; ?>'>
   &nbsp;</font></b>
   <font size=4 color=green><b>&nbsp;&nbsp;&nbsp;&nbsp;Idea#:&nbsp;</font><font color=black></b>
   <input type="text" size="15" maxlength="14" name="ideanumber">
   </font><br>
   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=1 color=green>Ex.&nbsp;&nbsp;&nbsp;</font><font size=1 color=red> GT '25-JAN-2008' and</font>
   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=1 color=green>Ex.&nbsp;&nbsp;&nbsp;</font><font size=1 color=red> LT '1004' or</font>
 
 
   <br><br>
   <font size=4 color=green><b>Inintiator:&nbsp;&nbsp;</font></b>
   <input type='text' size='64' maxlength='64' name='initiator' value='<?php echo "$s_initiator"; ?>'>
   <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=1 color=green>Ex.&nbsp;&nbsp;&nbsp;</font><font size=1 color=red> contains 'johnson'</font>
   &nbsp;&nbsp;&nbsp;&nbsp;<font size=1 color=green>Ex.&nbsp;&nbsp;&nbsp;</font><font size=1 color=red> = 'Bill Johnson'</font>
   &nbsp;&nbsp;&nbsp;&nbsp;<font size=1 color=green>Note: '<font size=1 color=red>contains<font size=1 color=green>' is not case-sensitive.</font>
 
 
   <br><br>
   <font size=4 color=green><b>Manufacturing Source:</font><font size=3> (Choose one, if applicable)</font></b><br />
   <font size=4 color=#990099>Forks I:</font><input type="radio" value="Forks I" name="mansource" checked> &nbsp;&nbsp;&nbsp;&nbsp;
   <font size=4 color=#990099>Forks II:<input type="radio" value="Forks II" name="mansource">&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=4 color=#990099>LVIP:<input type="radio" value="lvip" name="mansource">&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=4 color=#990099>Distribution:<input type="radio" value="distribution" name="mansource">&nbsp;&nbsp;&nbsp;&nbsp;
   <font size=4 color=#990099>Other:<input type="radio" value="other" name="mansource">&nbsp;&nbsp;&nbsp;&nbsp;
   <br />
   <br>
   <font size=4 color=green><b>Idea Mission/Goal:</font></b><br />
   <textarea rows="5" cols="105" name="ideamission" wrap="soft"></textarea><br /> 
   <br>
   <font size=4 color=green><b>Product or Line Affected:&nbsp;</font></b><font size=2 color=green><i>
   (What specific product or production line will be affected by the CI event?)</font></i><br />
   <textarea rows="2" cols="105" name="affected" wrap="soft"></textarea><br /> 
   <br>
   <font size=4 color=green><b>Improvement Idea:</font></b><br />
   <textarea rows="5" cols="105" name="impidea" wrap="soft"></textarea><br /> 
   <br>
  </td>
 </tr>
</table>
 
<hr size=4 noshade color=black><br><br>
 
<font size=4 color=red><b> 2) &nbsp;Current Situation (AS IS)</b></font><br>
<font size=2 color=red><i>Fill out this section to establish a baseline to measure the improvement against.  This should be the "as-is".</i></font>
<p style="text-align: left;"><font size=2><b>Description:</font></b></p>
<textarea rows="7" cols="105" name="currsit" wrap="soft"></textarea><br /> 
<br><br>
<font size=4 color=red><b> 3) &nbsp;New Ideas (SHOULD BE)</b></font>
<p style="text-align: left;"><font size=2><b>Description:</font></b></p>
<textarea rows="7" cols="105" name="newidea" wrap="soft"></textarea><br /> 
<br><br>
 
 
   <font size=4 color=red><b> 4) &nbsp;Impacted Factors</b></font><br>
<?php
$conn = OCILogon($signon, $password, 'CIDB') or die("ERROR CONNECTING - Notify Global Support");
$query = "select literal_text from ci.literal where literal_group = 'Impacted Factors' order by seq_no";
$stid = OCI_Parse($conn, $query);
$r = OCI_Execute($stid, OCI_DEFAULT);
if ($r)
   {
   echo "<table border=0>";
   while ($row = OCI_FETCH_ARRAY ($stid, OCI_ASSOC))
      {
      echo "<TR bordercolor=#ffff99>";
      foreach ($row as $item)
         {
         echo "<TD width=858>" . "<font color=#990099>".
         "<input type='checkbox' value = '$item' name = 'factors[]'>" . $item .
         "</font>"."</td>";
         }  // End of FOREACH
      echo "</tr>";
      }  // End of While
   echo "</table>";
   }
else
   {
   echo 'Unable to execute query.  Notify Global Support.';
   }  // end of IF
OCILogoff($conn);
?>
 
<hr size=4 noshade color=black><br>
 
<table>
   <tr>
      <td align=left width=40%>
      <input type="submit" value="Search" name="search">
      </td>
      <td align=right width = 60%>
      <input type="submit" value="Clear/Reset Form" name="clear"><br>
      </td>
   </tr>
   <tr>
      <td align=left width=40%>
      <font color=navy size=2>Click Here to Search Based <br>Upon Criteria Entered Above.</font>
      </td>
      <td align=right width=60%>
      <font color=navy size=2> Use This Button to <br>Clear/Reset the Form.</font>
      </td>
   </tr>
</table>
</form>
<?php
}
elseif (isset($_POST['search']))
{
 
$substring = "'";
 
$querystring = "Select * from ci.idea where ";
 
// Date
if ($formdate > "")
{
//$_SESSION['formdate']=htmlentity($formdate);
$_SESSION['formdate'] = htmlentity($formdate);
//$s_formdate=$_SESSION['formdate'];
$s_formdate = html_entity_decode($_SESSION['formdate']);
$querystring = $querystring."INITIATION_DATE ".$s_formdate." ";
echo "querystring = ".$querystring."<br>";
exit();
}
 
 
// Initiator
if ($initiator > "")
   {
   $pos=0;
   while (FALSE !== ($pos = strpos($initiator, $substring, $pos))) 
      {
      echo '<script>document.bgColor = "#FFFF99";</script>';
      echo "Cannot have a single quote (') in the "."<b>"."Initiator"."</b>"." text."."<br />";
      echo "You Can Use the Tick Mark (`) If Desired...Correct and Resubmit";
      $_SESSION['initiator']=$initiator;
      $s_initiator=$_SESSION['initiator'];
      exit();
      }
   }
 
if ($initiator > "")
   {
   $_SESSION['initiator']=$initiator;
   $s_initiator=$_SESSION['initiator'];
   $querystring = $querystring."and INITIATOR = '".$s_initiator."'";
   echo "querystring = ".$querystring."<br>";
   }
 
}  // End of elseif (isset($_POST['search']))
else
{
}
?> 
<br>&#169;2008 - abcd LLC 
</body>
</html>

Open in new window

0
abruskoAuthor Commented:
Thanks guys...I'm very close on this and will take it from here.  Your help has been priceless!  Wish I could give you a thousand points!

Andy  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.