single quotes in database field breaks form?

  • Greg Bryant

    single quotes in database field breaks form?

    Hi folks - I have a form that displays a value pulled from a database
    field.

    <?php echo "<input type=text name='storename' value='$storename'>"; ?>

    I noticed that if $storename contains something like "Ma's Bakery", all
    that shows up in the field is "Ma". Do I really have to go through all my
    form fields and change them to
    <?php echo "<input type=text name='storename' value='".$storename."'>"; ?>

    Although I guess
    <?php echo "<input type=text name='storename' value=\"$storename\">"; ?>
    would work, too.

    Oh well.
  • Pedro Graca

    #2
    Re: single quotes in database field breaks form?

    Greg Bryant wrote:
    > Hi folks - I have a form that displays a value pulled from a database
    > field.
    >
    > <?php echo "<input type=text name='storename' value='$storename'>"; ?>
    >
    > I noticed that if $storename contains something like "Ma's Bakery", all
    > that shows up in the field is "Ma". Do I really have to go through all my
    > form fields and change them to
    > <?php echo "<input type=text name='storename' value='".$storename."'>"; ?>

    What happened when you tried that? :)

    try:

    <?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">'; ?>

    Reference at
    http://www.php.net/htmlentities



    Happy Coding :-)
    --
    --= my mail box only accepts =--
    --= Content-Type: text/plain =--
    --= Size below 10001 bytes =--


    • Michael Fuhr

      #3
      Re: single quotes in database field breaks form?

      Greg Bryant <bryantgHELLO@yahoo.com> writes:

      > Hi folks - I have a form that displays a value pulled from a database
      > field.
      >
      > <?php echo "<input type=text name='storename' value='$storename'>"; ?>
      >
      > I noticed that if $storename contains something like "Ma's Bakery", all
      > that shows up in the field is "Ma". Do I really have to go through all my
      > form fields and change them to
      > <?php echo "<input type=text name='storename' value='".$storename."'>"; ?>
      >
      > Although I guess
      > <?php echo "<input type=text name='storename' value=\"$storename\">"; ?>
      > would work, too.

      It's wise to call htmlentities() when displaying content that could
      contain special characters.



      Have a look at the optional quote_style parameter.

      --
      Michael Fuhr


      • Greg Bryant

        #4
        Re: single quotes in database field breaks form?

        Pedro Graca <hexkid@hotpop.com> wrote in
        news:braiso$194j3$1@ID-203069.news.uni-berlin.de:

        > Greg Bryant wrote:
        >> Hi folks - I have a form that displays a value pulled from a database
        >> field.
        >>
        >> <?php echo "<input type=text name='storename' value='$storename'>"; ?>
        >>
        >> I noticed that if $storename contains something like "Ma's Bakery",
        >> all that shows up in the field is "Ma". Do I really have to go
        >> through all my form fields and change them to
        >> <?php echo "<input type=text name='storename'
        >> value='".$storename."'>"; ?>
        >
        > What happened when you tried that? :)
        >
        > try:
        >
        > <?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">';
        > ?>
        >
        > Reference at
        > http://www.php.net/htmlentities
        >
        >
        > Happy Coding :-)

        Thanks. Fortunately, I guess, I tried the second one first (escape
        double quotes around the value). Looking at it again, obviously the
        first one will have the same problem as the original :). Nice to know
        there's a real solution - htmlentities. Thanks!


        • Markus Ernst

          #5
          Re: single quotes in database field breaks form?

          "Greg Bryant" <bryantgHELLO@yahoo.com> wrote in message
          news:Xns944F4714FD65bryantgHELLOyahoocom@199.45.49.11...
          > Pedro Graca <hexkid@hotpop.com> wrote in
          > news:braiso$194j3$1@ID-203069.news.uni-berlin.de:
          >
          > > Greg Bryant wrote:
          > >> Hi folks - I have a form that displays a value pulled from a database
          > >> field.
          > >>
          > >> <?php echo "<input type=text name='storename' value='$storename'>"; ?>
          > >>
          > >> I noticed that if $storename contains something like "Ma's Bakery",
          > >> all that shows up in the field is "Ma". Do I really have to go
          > >> through all my form fields and change them to
          > >> <?php echo "<input type=text name='storename'
          > >> value='".$storename."'>"; ?>
          > >
          > > What happened when you tried that? :)
          > >
          > > try:
          > >
          > > <?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">';
          > > ?>
          > >
          > > Reference at
          > > http://www.php.net/htmlentities
          > >
          > >
          > > Happy Coding :-)
          >
          > Thanks. Fortunately, I guess, I tried the second one first (escape
          > double quotes around the value). Looking at it again, obviously the
          > first one will have the same problem as the original :). Nice to know
          > there's a real solution - htmlentities. Thanks!
          >

          With your "solution" you just switch problems - an entry as "She said:
          "Let's go!", and went." will be cropped to "She said: ". You either have to
          use htmlentities() or addslashes() with your content.

          --
          Markus



          • Greg Bryant

            #6
            Re: single quotes in database field breaks form?

            You're right, you're right. There's obviously a reason htmlentities is a
            core function :).

            Thanks for keeping me from getting lazy.

            -Greg

            "Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in
            news:3fd9cdb2$0$13881$afc38c87@news.easynet.ch:

            >> Thanks. Fortunately, I guess, I tried the second one first (escape
            >> double quotes around the value). Looking at it again, obviously the
            >> first one will have the same problem as the original :). Nice to
            >> know there's a real solution - htmlentities. Thanks!
            >>
            >
            > With your "solution" you just switch problems - an entry as "She said:
            > "Let's go!", and went." will be cropped to "She said: ". You either
            > have to use htmlentities() or addslashes() with your content.
            >


            • Pritesh Desai

              #7
              Re: single quotes in database field breaks form?

              I find that using addslashes() usually does the trick, however if the
              data you're entering is variable and the end user has specified it, it
              would be better to htmlentities() or htmlspecialchars() and then
              addslashes() for security.
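
As an added example (not code from any poster in this thread), the PHP below renders the field with no escaping, with addslashes(), and with htmlentities(..., ENT_QUOTES), then parses each result with DOMDocument to show which value a browser would actually recover from the attribute. The function names and the two sample strings are constructed for illustration, and the script assumes the PHP DOM extension is available.

```php
<?php
// Added example: helper names and sample values are constructed for illustration.

// The original form field: value interpolated into a single-quoted attribute.
function render_raw(string $v): string {
    return "<input type=text name='storename' value='$v'>";
}
// addslashes() emits SQL/PHP-style backslashes, which HTML does not treat as escapes.
function render_addslashes(string $v): string {
    return '<input type=text name="storename" value="' . addslashes($v) . '">';
}
// htmlentities() with ENT_QUOTES encodes both ' and " as HTML entities.
function render_escaped(string $v): string {
    return '<input type=text name="storename" value="'
         . htmlentities($v, ENT_QUOTES, 'UTF-8') . '">';
}

// Parse the markup and return every attribute the <input> ends up with,
// so a truncated value and any stray attributes become visible.
function parsed_attributes(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // malformed markup would otherwise emit warnings
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input === null) {
        return [];
    }
    $attrs = [];
    foreach ($input->attributes as $a) {
        $attrs[$a->name] = $a->value;
    }
    return $attrs;
}

// Constructed samples: the two strings mentioned in the thread.
$samples = ["Ma's Bakery", 'She said: "Let\'s go!", and went.'];
foreach ($samples as $s) {
    echo "input: $s\n";
    foreach (['render_raw', 'render_addslashes', 'render_escaped'] as $fn) {
        $attrs = parsed_attributes($fn($s));
        $value = $attrs['value'] ?? null;
        printf("  %-18s value=%s attrs=[%s] %s\n", $fn, var_export($value, true),
            implode(', ', array_keys($attrs)), $value === $s ? 'round-trips' : 'BROKEN');
    }
}
```

Any text after a premature closing quote is parsed as additional attributes on the element, which is why the same escaping matters for security as well as for display.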
