Professional Web Applications Themes

apostrophe madness - PHP Development

Hello everyone. I am TOTALLY baffled. PLEASE, I need some help here. In the event that one must deal with a name including an apostrophe...I am looking for an appropriate solution. The flow of data is that the name is entered in via a form text box, stored in a MySQL table and then read back into another form or echoed out as needed. The problem that I am trying to overcome is what happens when an apostrophe is used in a name, i.e. D'linda. When I pull the information from the table and try to insert into a text ...

  1. #1

    Default apostrophe madness

    Hello everyone.

    I am TOTALLY baffled. PLEASE, I need some help here.

    In the event that one must deal with a name including an apostrophe...I am
    looking for an appropriate solution.

    The flow of data is that the name is entered in via a form text box, stored
    in a MySQL table and then read back into another form or echoed out as
    needed.

    The problem that I am trying to overcome is what happens when an apostrophe
    is used in a name, i.e. D'linda.

    When I pull the information from the table and try to insert into a text box
    on a form, I only get D. No 'linda.

    I have tried escaping it, i.e. D\'linda and tried all the variations of ',"
    and '".???."' that I can think of. The challenge is placing the name in
    this text box:
    <input type=text name=addr size=30 maxlength=30 value='".$row[addr]."'>
    In the above code, D'linda is stored in $row[addr].

    ALL input is most certainly appreciated!
    - Steven


    S. Rhodes Guest

  2. #2

    Default Re: apostrophe madness

    Message-ID: <vfuv6mhhik0r64corp.supernews.com> from S. Rhodes contained
    the following:
    >I have tried escaping it, i.e. D\'linda and tried all the variations of ',"
    >and '".???."' that I can think of. The challenge is placing the name in
    >this text box:
    ><input type=text name=addr size=30 maxlength=30 value='".$row[addr]."'>
    >In the above code, D'linda is stored in $row[addr].
    >
    >ALL input is most certainly appreciated!
    Have you got magic quotes turned on? I don't get this problem with my test
    database and it's pretty bog standard tutorial stuff.
    [url]http://www.ckdog.co.uk/php/sqltest8.php[/url]

    --
    Geoff Berrow
    It's only Usenet, no one dies.
    My opinions, not the committee's, mine.
    Simple RFDs [url]http://www.ckdog.co.uk/rfdmaker/[/url]
    Geoff Berrow Guest

  3. #3

    Default Re: apostrophe madness

    S. Rhodes wrote:
    > <input type=text name=addr size=30 maxlength=30 value='".$row[addr]."'>
    > In the above code, D'linda is stored in $row[addr].
    Use <input type=text name=addr size=30 maxlength=30
    value=\"".htmlspecialchars($row[addr])."\">

    --
    James Sleeman
    Gogo:Code [url]http://www.gogo.co.nz/[/url]
    Email domain : gogo.co.nz see user in from header!
    James Sleeman Guest

  4. #4

    Default Re: apostrophe madness

    On Mon, 30 Jun 2003 18:20:18 +1200, James Sleeman
    <jamesseeMessageForDomain.moc> scrawled:
    >S. Rhodes wrote:
    >
    >> <input type=text name=addr size=30 maxlength=30 value='".$row[addr]."'>
    >> In the above code, D'linda is stored in $row[addr].
    >
    >Use <input type=text name=addr size=30 maxlength=30
    >value=\"".htmlspecialchars($row[addr])."\">
    >
    Use PHP as it's supposed to, and don't just "print" everything...
    then you can produce good HTML....

    ?>
    <input type="text" name="addr" size="30" maxlength="30"
    value="<?= htmlspecialchars( $row["addr"] )?>" />
    <?
    James Guest

  5. #5

    Default Re: apostrophe madness

    Thank you one and all for your suggestions! I appreciate your input.

    Due to Magic Quotes (runtime level) being turn off on the Server that host's
    my page, I am not able to benefit from that feature as I do not know of a
    way to turn them on from a PHP script.

    After reading all of the responses and trying all that was offered, I ended
    up with the following:

    echo "<td><input type=text name=paddr1 size=30 maxlength=30
    value=\"".htmlspecialchars($row[paddr1])."\"></td></tr>";

    This is doing the job, as far as populating the box appropriately.

    Again, THANK YOU one and all!

    - Steven


    S. Rhodes Guest

  6. #6

    Default Re: apostrophe madness

    Hello,

    remember a few points . it is not xhtml compliant to write html code
    that doesnt include "" in it.. <img cellpadding="0" /> is valid xhtml
    as <img cellpadding=0 /> is not.

    in php print will interp. anything between " " looking for $variables
    echo does not. this is slower than using echo and concatinating.

    yeah its neat to break up your <? php open and closing tags.. but
    sometimes this gets annoying. so my suggestion is something like this:

    echo '<input type="text" name="addr" size="30" maxlength="30"
    value="'.$row['addr'].'" />';

    and please for the love of god its $row['addr'] not $row[addr]

    i hope this was helpful :)

    - Jonathan P Dryhurst Roberts

    [email]newsgroupblack-panther.freeserve.co.uk[/email] (James) wrote in message news:<3effdcaf.368360604news.freeserve.com>...
    > On Mon, 30 Jun 2003 18:20:18 +1200, James Sleeman
    > <jamesseeMessageForDomain.moc> scrawled:
    >
    > >S. Rhodes wrote:
    > >
    > >> <input type=text name=addr size=30 maxlength=30 value='".$row[addr]."'>
    > >> In the above code, D'linda is stored in $row[addr].
    > >
    > >Use <input type=text name=addr size=30 maxlength=30
    > >value=\"".htmlspecialchars($row[addr])."\">
    > >
    >
    > Use PHP as it's supposed to, and don't just "print" everything...
    > then you can produce good HTML....
    >
    > ?>
    > <input type="text" name="addr" size="30" maxlength="30"
    > value="<?= htmlspecialchars( $row["addr"] )?>" />
    > <?
    tranceport technology group Guest

  7. #7

    Default apostrophe madness

    try using mysql_real_escape_string(); this is exactly what that function is for: escaping special characters. You should do this anyway, to make sql injection and xss attacks more difficult.
    Unregistered Guest

Similar Threads

  1. PHP and the apostrophe (')
    By Otto Haldi in forum PHP Development
    Replies: 3
    Last Post: February 28th, 12:45 PM
  2. E-mail with apostrophe
    By cld007 in forum Coldfusion Database Access
    Replies: 2
    Last Post: January 13th, 04:09 PM
  3. Apostrophe replaced by ? marks
    By jelllyfish in forum Macromedia Dynamic HTML
    Replies: 0
    Last Post: October 20th, 05:22 PM
  4. Madness, I call it madness
    By Marius Horak in forum ASP.NET Data Grid Control
    Replies: 2
    Last Post: June 4th, 02:28 PM
  5. Apostrophe in a string
    By Ron Hinds in forum Microsoft SQL / MS SQL Server
    Replies: 1
    Last Post: July 10th, 02:26 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139