Strip apostrophe from variable

When I submit a form with containing an apostrophe in one of the form fields - i.e. Women's Health, results from that field are blank. This is what I'm using but it's not working:

<INPUT TYPE="text" NAME="DIRECT_GIFT_TO_OTHER" VALUE="" />

and on the action page:

$donation_to .= str_replace("'", "",$DIRECT_GIFT_TO_OTHER)."<br>";
phillystyle123Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
phillystyle123Connect With a Mentor Author Commented:
I have no problem awarding points for this, but the question (and this is my fault) left out one very important factor that I didn't think had anything to do with it. It's turned out that Authorize.net's ARB API doesn't allow for any characters. I ended up using a javascript in the form fields that eliminates single quotes/apostrophes on keyup:

<INPUT  onkeyup="if (/'/.test(this.value)){this.value=this.value.replace(/'/g,'')}" onblur="this.onkeyup()" TYPE="text" NAME="DIRECT_GIFT_TO_OTHER" VALUE="" />
0
 
Robert SchuttSoftware EngineerCommented:
It would take a bit more info to come up with a real solution, but it is usually not necessary to strip anything out. Just use the right encoding for html or sql. What is being done with the output on the action page, just shown as html? (judging from the <br>) That shouldn't even need encoding but you could use htmlspecialchars().
0
 
David CarrConnect With a Mentor Commented:
Be sure you do not have magic quotes turned on.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
phillystyle123Author Commented:
How would htmlspecialchars() work?
0
 
Robert SchuttConnect With a Mentor Software EngineerCommented:
Well like I said it depends what you want to do but in your context I guess:
$donation_to .= htmlspecialchars($DIRECT_GIFT_TO_OTHER)."<br>";

Open in new window

0
 
phillystyle123Author Commented:
Still not outputting if there is an apostrophe. So, in the following example, Mens Health will output, but Men's Health will not.

Form field:

<INPUT TYPE="text" NAME="DIRECT_GIFT_TO_OTHER" VALUE="" />

Action page code:

//donation to
      
      $donation_to = "";
      
            if($DIRECT_GIFT_TO_OTHER!="")
      {
            $donation_to .= htmlspecialchars($DIRECT_GIFT_TO_OTHER)."<br>";
      }
0
 
Robert SchuttConnect With a Mentor Software EngineerCommented:
Please define 'output'. In your code nothing is being output. Is it being echoed to the page? The context probably matters.
0
 
Ray PaseurConnect With a Mentor Commented:
@phillystyle123, couple of suggestions:

1. add error_reporting(E_ALL) to the top of your scripts.
2. learn about mysql_real_escape_string().
3. use htmlentities() or similar for browser output, not for internal use.
4. have a look at this article (may or may not be in play here, but you'll know that as soon as you read the article)
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html

Instead of describing the symptoms, if you can post the link to the SSCCE, we will be able to answer you immediately with complete accuracy.  

Thanks and regards, ~Ray
0
 
Ray PaseurCommented:
Interesting (and thanks for the points).  Since I am working with a class that is studying eCommerce right now, can you tell us anything more about this restriction from Authorize.net?  Is this documented anywhere that you could find?  Thanks and regards, ~Ray
0
 
phillystyle123Author Commented:
I didn't see it anywhere in the documentation. No trace of the issue that I could find. So I reached out to authorize.net tech support.
0
 
Ray PaseurCommented:
Thanks for the heads-up!  Best, ~Ray
0
 
phillystyle123Author Commented:
Came up with a different solution because I discovered that Authorize.net's ARB API doesn't allow the use of single quotes, apostophes in form fields.
0
All Courses

From novice to tech pro — start learning today.