
carrying apostrophe in form

need to keep apostrophe in form result

     
3:52 am on Apr 14, 2009 (gmt 0)

5+ Year Member



Pulling business name from database as Example's Name. I am trying to keep the apostrophe all the way through the form process.

Page 1 of the form has:

<input type='hidden' name='bname' value='".$bus."'>

Page 2 of the form has

$businessname=$_POST["bname"];

<?php echo ($businessname) ?>

I cannot echo the apostrophe in Example's Name. I have tried many variations of stripslashes and htmlspecialchars. I still cannot get it to work.

Any help would be appreciated.

Matt

5:28 am on Apr 14, 2009 (gmt 0)

10+ Year Member



htmlentities [php.net] with ENT_QUOTES is what you want.

$businessname = htmlentities($_POST["bname"],ENT_QUOTES);

4:53 pm on Apr 14, 2009 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I *think* htmlentities() will only work for double quotes, a " gets converted to &quot;. I don't know that it applies to a singlequote.

Even if it does, this presents problems when searching. If you were to store data like so

Book title: &quot;The End of the Internet As We know it &quot;

A search for

where title like '%"The End%';

would fail.

If you're working with apostrophied values, you have to decide your method of approach and stick to it. For example,

<input type='hidden' name='bname' value='".$bus."'>

Single quoted values are valid, they're just not "standard." Personally I go the other way around so that my output values are double quoted, and anything in my programming is single quoted:

print '<input type="hidden" name="bname" value="'.$bus.'">';

Now let's talk about inserting "Example's Name" into your database.

$bus ='Example\'s Name';

This won't work because mySQL obviously thinks the value ends before the "s"

insert into table (title) values ('$bus');

So my solution is a single substitution for single quotes. Just the single quote. This limits the amount of "treatment" my insert statements require:

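foreach ($_POST as $key=>$value) {
// collapse each run of single quotes into one doubled quote ('')
$value = preg_replace("/'+/","''",$value);
// build the insert statement with the treated value
$sql = "insert into table (field) values ('$value')";
}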

This gives you

insert into table (field) values ('Example''s Title');

Which should properly store "Example's Title" in your table.

On extraction, if you double-quote your form values, you should get this

<input type="hidden" name="bname" value="Example's Title">

If you like working the other way, reverse the idea, but as mentioned, this can get you into troubles with double-quoted values, which should be html entities: &quot;.

5:02 pm on Apr 14, 2009 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 5+ Year Member




I *think* htmlentities() will only work for double quotes, a " gets converted to &quot;. I don't know that it applies to a single quote.

Actually it will apply for the single quote, as well. Should replace it with the entity &#039;.

As for adding text into a database with characters such as the single quote ('), a simple escaping should be more than enough to have it store properly. But this is a bit off topic, here.

The bottom line is you need to convert to entities or you have to have properly formed quotes surrounding text in a tag's attribute.
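Added example, not part of any post in this thread: it shows why the single-quoted hidden field from the question loses everything after the apostrophe, and how encoding with ENT_QUOTES carries it through to page 2. The helper `submitted_value()` is hypothetical and uses PHP's bundled DOM extension as a stand-in for the browser; `$bus` holds a constructed sample value.

```php
<?php
// Constructed sample value, as pulled from the database in the question.
$bus = "Example's Name";

// Hypothetical helper: parse the markup the way a browser would and return
// the value that would be submitted for the hidden field.
function submitted_value(string $html): string
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html);   // @ silences libxml warnings on the broken markup
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

// Page 1 as posted: raw value inside a single-quoted attribute.
// The apostrophe in the data closes the attribute early.
$broken = "<input type='hidden' name='bname' value='" . $bus . "'>";

// Page 1 fixed: encode for the attribute context.
// ENT_QUOTES converts ' to &#039; as well as " to &quot;
$fixed = "<input type='hidden' name='bname' value='"
       . htmlspecialchars($bus, ENT_QUOTES, 'UTF-8') . "'>";

echo $broken, "\n";
var_dump(submitted_value($broken));   // what page 2 would receive
echo $fixed, "\n";
var_dump(submitted_value($fixed));    // what page 2 would receive

// The flag is what matters: ENT_COMPAT handles double quotes only.
echo htmlentities($bus, ENT_COMPAT, 'UTF-8'), "\n";
echo htmlentities($bus, ENT_QUOTES, 'UTF-8'), "\n";

// Page 2: the browser has already decoded the entity, so the posted value
// is the plain text again. Encode once more at the point of output.
$businessname = submitted_value($fixed);   // stands in for $_POST["bname"]
echo htmlspecialchars($businessname, ENT_QUOTES, 'UTF-8'), "\n";
```

Encoding at output rather than before storage keeps the database value as plain text, so a `like` search on the stored text is unaffected by the entities.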

 
