Best way to get quoted text in mysql? - PHP Development

  1. #1

    Best way to get quoted text in mysql?

    It took me a lot of trial and error to get text from an HTML form into MySQL to
    account for quotation marks being entered. I came up with the following. It
    works fine but I was wondering if this is the best way. Here are the relevant
    snippets:

    1) User enters data via post.html:

    <form method="POST" action="post_confirm.php" name="form">
    <textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLimit(comments, 800);"></TEXTAREA>
    <input type="submit" name="Submit2" value="Submit" onClick="return validate(form)">
    </form>

    2) User is presented with the confirmation form post_confirm.php:

    Strips html tags, and displays without the slashes that PHP puts in:
    <?php $comments=stripslashes(strip_tags($_POST['comments'])); ?>

    Displays the user comments:
    <?php echo $comments; ?>

    If ok, user sends it to be posted:
    <form method="POST" action="postnotice.php">
    <input type="hidden" name="comments" value="<?php echo htmlspecialchars($comments, ENT_QUOTES ); ?>">
    </form>

    3) Stuff is posted in MySQL via postnotice form:

    <?php $comments=addslashes($_POST['comments']); ?>


    Better way or OK?

    TIA -

    jon


    --
    jwayne_myrealbox_no_spam.com
    JW Guest

  2. #2

    Re: Best way to get quoted text in mysql?

    Hi jwayne!

    On Mon, 30 Jun 2003 16:05:12 -0400, JW <jwayne_myrealbox_no_spam.com>
    wrote:
    >It took me a lot of trial and error to get text from an HTML form into MySQL to
    >account for quotation marks being entered. I came up with the following. It
    >works fine but I was wondering if this is the best way. Here are the relevant
    >snippets:
    >
    >1) User enters data via post.html:
    >
    > <form method="POST" action="post_confirm.php" name="form">
    > <textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLimit(comments,
    >800);"></TEXTAREA>
    > <input type="submit" name="Submit2" value="Submit" onClick="return
    >validate(form)">
    > </form>
    >
    >2) User is presented with the confirmation form post_confirm.php:
    >
    > Strips html tags, and displays without the slashes that PHP puts in:
    > <?php $comments=stripslashes(strip_tags($_POST['comments'])); ?>
    You can turn off the slashes that are put in, by using the ini_set with
    magic_quotes_gpc. My suggestion is to turn it off.
    >
    > Displays the user comments:
    > <?php echo $comments; ?>
    >
    > If ok, user sends it to be posted:
    > <form method="POST" action="postnotice.php">
    > <input type="hidden" name="comments" value="<?php echo
    >htmlspecialchars($comments, ENT_QUOTES ); ?>">
    > </form>
    >
    >3) Stuff is posted in MySQL via postnotice form:
    >
    > <?php $comments=addslashes($_POST['comments']); ?>
    >
    >
    >Better way or OK?
    >
    You may get around the one stripslashes with my suggestion.

    Hope I could help.

    Jochen
    --
    Jochen Daum - CANS Ltd.
    PHP DB Edit Toolkit -- PHP scripts for building
    database editing interfaces.
    http://sourceforge.net/projects/phpdbedittk/
    Jochen Daum Guest

  3. #3

    Re: Best way to get quoted text in mysql?

    Hi !
    On Mon, 30 Jun 2003 20:18:23 -0400, JW <jwayne_myrealbox_no_spam.com>
    wrote:
    >
    >>You may get around the one stripslashes with my suggestion.
    >>
    >I tried your suggestion but there is problem: when I do a mysql_query, it bombs
    >with _single_ quotes in the user text.
    >
    Sorry. Just remove one instance of stripslashes, not all instances of
    *slashes. But your code was fine anyway. If you use shared servers,
    you might not be in control of these switches anyway. Maybe have a
    look at get_magic_quotes_gpc.

    HTH, Jochen
    --
    Jochen Daum - CANS Ltd.
    PHP DB Edit Toolkit -- PHP scripts for building
    database editing interfaces.
    http://sourceforge.net/projects/phpdbedittk/
    Jochen Daum Guest

  4. #4

    Re: Best way to get quoted text in mysql?

    Jochen Daum <jochen.daumcans.co.nz> wrote in message news:<lma1gv4q60lef5gtd6506n19q7kpjcqc7v4ax.com>...
    > >Better way or OK?
    There is a RemoveMagicQuotes function floating around, probably on
    php.net in the user comments that I've found to be very effective. You
    just run it on the top of every page and it removes the magic quotes
    if the server has them on or off. I've moved PHP scripts between
    hosting companies and it can suddenly make a working script not work.
    A little auto-detection and dealing with it can help.
    Paul Liversidge Guest
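
The flow discussed in this thread, as an added example that is not any poster's code: undo magic quotes only when `get_magic_quotes_gpc` reports them, keep the raw text, escape for HTML only on output, and let a bound parameter carry the quotes into the database instead of `addslashes()`. The function names and the `notices` table are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline; the same `prepare`/`execute` calls work with a `mysql:` DSN.

```php
<?php
// Added example; raw_input_value(), html_out(), save_comment() and the
// "notices" table are hypothetical names, not taken from the thread.

// Undo magic quotes only when the running PHP still has them and they are on.
// get_magic_quotes_gpc() no longer exists in PHP 8, so test for it first.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Escape for HTML at output time (confirmation page and hidden field).
function html_out($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Store the raw text through a bound parameter; no addslashes() involved.
function save_comment(PDO $db, $comment)
{
    $stmt = $db->prepare('INSERT INTO notices (comments) VALUES (:c)');
    $stmt->execute(array(':c' => $comment));
    return (int) $db->lastInsertId();
}

// Constructed sample input with both quote styles and an HTML tag.
$submitted = 'It\'s a "quoted" <b>note</b>';

// In-memory SQLite stands in for MySQL (assumption made for this example).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notices (id INTEGER PRIMARY KEY, comments TEXT)');

$comment = strip_tags(raw_input_value($submitted));
$id = save_comment($db, $comment);

$stmt = $db->prepare('SELECT comments FROM notices WHERE id = :id');
$stmt->execute(array(':id' => $id));
$stored = $stmt->fetchColumn();

var_dump($stored === $comment);  // compare stored text with what was saved
echo html_out($stored), "\n";    // quotes are turned into entities only here
```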
