homepage Welcome to WebmasterWorld Guest from 54.205.242.179
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe and Support WebmasterWorld
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Problems displaying data in form values
Php Mysql
salewit




msg:4020849
 3:14 am on Nov 7, 2009 (gmt 0)

I have a fair knowledge of PHP and MYSQL, but having lots of escape issues when used with forms. Take a simple name and address database with the name John O'Conner.


$fullname = "John O'Conner";
$result = mysql_query("update namedb SET name = '".mysql_real_escape_string($fullname)."' WHERE key = 33 LIMIT 1;");

Now I'll display that in a FORM text field:


$result = mysql_query("select name from namedb WHERE key = 33");
$row = mysql_fetch_assoc($result);
<form ...>
Updated Name: <input type="text" name="fullname" value="<? echo $row['name']; ?>">
</form>

I get this:

Updated Name: John O

Everything after the "O" is gone. If I look at the source, the full name is there. So I change my code by changing the the double quotes to singles right before the PHP code:


Updated Name: <input type="text" name="fullname" value='<? echo $row['name']; ?>'>

I get the name returned properly. However, if I change John O'Conner to John O"Conner, I have the same exact problem. I could filter out the quotes, but I have other fields that can have either a single or double quote. What is the solution here? Or what am I doing wrong?

 

homeless




msg:4020855
 3:34 am on Nov 7, 2009 (gmt 0)

try

value="..."

instead of

value='...'

your browser is probably confused.

salewit




msg:4020864
 4:31 am on Nov 7, 2009 (gmt 0)

I tried it both ways!

If I make it value="..." and then the name is John O"Conner, I get the same exact problem: John O

TheMadScientist




msg:4020869
 4:49 am on Nov 7, 2009 (gmt 0)

$fullname = "John O'Conner";
$fullname = htmlentities($fullname,ENT_QUOTES);
echo $fullname;

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved