Characters in form causing issues

Single and Double Quotes, line breaks, and maybe more

         

Jeremy_H

4:03 am on Jul 11, 2006 (gmt 0)

10+ Year Member



Hello,

I have a form on my website that uses a textarea like the one I'm typing in right now.

Once the user has finished typing the information in, the contents are then stored in a cell in a MySQL database called $text, and later output when requested into something like this: <p>$text</p>

The problem is some characters like single and double quotes are getting messed up, and some things like line breaks aren't even showing up.

How can I handle these events to show up properly, and are there other characters I should also watch out for?

For the sake of preserving layout style, I'm thinking about putting the output in a span, and then somehow forcing each line segment to start and end with a paragraph tag. Something like <span><p>$text</p></span>. That way I can have multiple paragraphs and apply style by css through span p{}.

Any ideas would be very helpful.

Thanks

Sekka

7:58 am on Jul 11, 2006 (gmt 0)

10+ Year Member



When you are inserting the form data using SQL, escape the string.

mysql_escape_string ($myFormText);

Jeremy_H

4:04 pm on Jul 11, 2006 (gmt 0)

10+ Year Member



Thanks for the reply Sekka,

I noticed that when single or double quotes go into the system, they automatically get slashed by my system.

From reading around php.net about mysql_escape_string(), I found that some systems will do this, and that it's a feature.

Then I looked around for related functions and found stripslashes(). I guess I can add this on the output page to fix the slashes that have been put into the database.

Would anyone know if I should add this to the output page, or use it when adding items into the database so they get stored properly in the database?

Thanks

wheelie34

10:21 am on Jul 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Jeremy

I would use addslashes() on the page that adds the content to the DB, that way if you need to use the content anywhere else you can just call it without having to remember to stripslashes for each output.

RonPK

12:53 pm on Jul 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



line breaks aren't even showing up

nl2br() [php.net] is your friend. It converts line breaks to the HTML <br> tag.

jatar_k

6:09 pm on Jul 12, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



take a look at the last few posts in this thread

[webmasterworld.com...]

automatically adding slashes means gpc_magic_quotes is on, that is a problem and there is a bit in that thread that shows how to deal with that

do not use addslashes
do not use mysql_escape_string

use mysql_real_escape_string [php.net] it takes into account your charset for your db
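
An added example, not part of any post in this thread: the round trip discussed above, from slashes added by magic quotes, through storage, to quotes and line breaks on output. It uses PDO prepared statements in place of mysql_real_escape_string, because the mysql_* extension was removed in PHP 7, and it adds htmlspecialchars() on output; the in-memory SQLite database, the posts table, the function names and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example. Constructed textarea submission: quotes, a line break, markup.
$submitted = "He said \"it's fine\"\r\nSecond line <b>bold</b>";

// What magic_quotes_gpc did to request data on old PHP: same effect as addslashes().
$magicQuoted = addslashes($submitted);

// Undo the automatic slashes once, at input time, so the database holds the
// text exactly as typed and no output page has to remember stripslashes().
function undo_magic_quotes(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Store with a bound parameter: the driver handles quoting, so quotes in the
// text cannot break or alter the SQL statement.
function store_text(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

// Render for HTML: escape special characters first (quotes, <, >, &) so the
// text displays as typed and cannot inject markup, then convert line breaks.
function render_text(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8')) . '</p>';
}

// In-memory SQLite stands in for the MySQL table (assumption: pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

$clean = undo_magic_quotes($magicQuoted, true);
$id = store_text($db, $clean);
echo render_text($db, $id), "\n";
```

The order in render_text() matters: running nl2br() before htmlspecialchars() would escape the inserted <br /> tags and show them as literal text.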