" problem

Discussion in 'PHP' started by Darkhodge, Sep 1, 2006.

  1. #1
    Hey,


    I have a form that posts a user's profile information to a php file that then stores it into the database.

    The user can go back to the edit profile page to edit their profile as many times as they want.

    However if they have used a " in their profile information, the values within the input boxes don't appear as they should. It's obviously as the " is closing the value = "" section before it should.

    How would I overcome this problem?

    I was thinking about automatically replacing the " with ' using str_replace() but how would I do that because, str_replace ( """ , "'" , $string) wouldn't work would it... :rolleyes:


    Thanks,

    Hodge
     
    Darkhodge, Sep 1, 2006 IP
  2. void

    #2
    Apologies for the brief reply, I'm about to go home.

    addslashes() should do what you need, combined with stripslashes() when you want to remove them :)
     
    void, Sep 1, 2006 IP
  3. Darkhodge

    #3
    Thanks for your reply void but as magic_quotes_gpc is on on my server doesn't it mean that I don't need to do that? :confused:
     
    Darkhodge, Sep 1, 2006 IP
  4. Gordaen

    #4
    Try something like this:

    if (!get_magic_quotes_gpc()) {
    $yourVariable = addslashes($_POST['yourVariable']);
    }
    else {
    $yourVariable = $_POST['yourVariable'];
    }
     
    Gordaen, Sep 1, 2006 IP
  5. wmburg

    #5
    I wouldn't do it that way. You would add a slash for future reference though.

    str_replace("\"","'",$string);
     
    wmburg, Sep 1, 2006 IP
  6. Darkhodge

    #6
    Ah so you can place a \ before and it'll work? I'll give it a go - thanks everyone :)
     
    Darkhodge, Sep 1, 2006 IP
  7. wmburg

    #7
    Exactly. You're welcome. Good luck!
     
    wmburg, Sep 1, 2006 IP
  8. Darkhodge

    #8
    I gave it a go and it still doesn't work... :(
     
    Darkhodge, Sep 3, 2006 IP
  9. drewbe121212

    #9
    A couple of things.
    stripslashes() should be run when retrieving the data from the database. IE

    $query = mysql_query("select c1 FROM table WHERE ...");

    while ($row = mysql_fetch_assoc($query))
    {
    echo stripslashes($row['c1']);
    }

    Also, when inserting the data to protect yourself, always use
    mysql_real_escape_string() on any type of data that is inserted that is from a global variable IE $_POST && $_GET

    mysql_query("INSERT INTO table (c1) VALUES ('".mysql_real_escape_string($_POST['posted_value'])."')");
     
    drewbe121212, Sep 3, 2006 IP
  10. wmburg

    #10
    Can you paste your code and the error that you're getting?
     
    wmburg, Sep 3, 2006 IP
  11. Darkhodge

    #11
    Hey,

    Basically I can store and show fields correctly as magic_quotes_gpc is on. For example if there was a biography section and you write:

    Then show it on their profile page, it would work just fine.

    It's when I use that in a "value = " attribute within a <form> that I get problems because it cuts off the value attribute prematurely. Just to clarify here's an example:

    
    .... coding before this section ....
    
    // Retrieve Band Profile Info
    $sql = "SELECT * FROM bands WHERE bandID = '$bandID'";
    $result = mysql_query ($sql , $conn);
    $bandInfo = mysql_fetch_assoc ($result);
    
    $biography = $bandInfo['biography'];
    
    // Print Form That Allows Editing of Band Profile
    
    print <<<HERE
    <form action = "saveProfile.php" method = "POST">
    <p>
      Biography: <input type = "text" name = "biography" value = "$biography">
    </p>
    
    <p>
      <input type = "submit" value = "Save Profile">
    </p>
    </form>
    HERE;
    
    When the page is shown to the user, the value within the text input box will read "Our band was started in 2005 when we all met up at a university called " and the end would be cut off because of the premature closing of the value attribute.

    Hope that clarifies my problem :)
     
    Darkhodge, Sep 3, 2006 IP
  12. smatts9

    #12
    When the $biography info is first inserted into your db use addslashes, and when you display it use stripslashes.

    $biography=addslashes($biography);

    $biography=stripslashes($biography);
     
    smatts9, Sep 3, 2006 IP
  13. Barti1987

    #13
    
    str_replace('"','\"',$string); 
    
    This will do what addslashes does.

    Peace,
     
    Barti1987, Sep 3, 2006 IP
  14. smatts9

    #14
    addslashes/stripslashes will be better IMO.
     
    smatts9, Sep 3, 2006 IP
  15. wmburg

    #15
    Yep!

    Try replacing (line 8)

    $biography = $bandInfo['biography'];
    With this

    $biography = str_replace("\"","&quot;",$bandInfo['biography']);
     
    wmburg, Sep 3, 2006 IP
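
The value="..." problem discussed in this thread, as an added example that is not code from any of the posters: it compares the raw value, addslashes(), the &quot; replacement and htmlspecialchars() when a stored biography is echoed into the attribute, and reports which ones the form would hand back unchanged. The biography text and the helper names html_attr(), browser_sees() and input_tag() are assumptions made for the illustration, and browser_sees() is a simplified model of how a double-quoted attribute is read.

```php
<?php
// Added example, not code from the thread. The biography is constructed sample data.

/** Encode text for a quoted HTML attribute value or element content. */
function html_attr(string $s): string
{
    // ENT_QUOTES encodes both " and ', so the result is safe whichever
    // quote character delimits the attribute; & < > are always encoded.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Simplified model of what a browser reads back from value="...":
 * the value ends at the first ", then character references are decoded once.
 */
function browser_sees(string $inputTag): string
{
    preg_match('/value="([^"]*)"/', $inputTag, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Build the edit-profile input with an already-encoded value. */
function input_tag(string $encodedValue): string
{
    return '<input type="text" name="biography" value="' . $encodedValue . '">';
}

// Constructed sample: contains double quotes and a literal "&amp;" typed by the user.
$biography = 'We met at a university called "Rock U" &amp; never left';

$variants = [
    'raw'              => $biography,                              // attribute closes early
    'addslashes'       => addslashes($biography),                  // backslash is not an HTML escape
    'str_replace'      => str_replace('"', '&quot;', $biography),  // leaves & unencoded
    'htmlspecialchars' => html_attr($biography),                   // encodes & < > " '
];

foreach ($variants as $name => $encoded) {
    $seen = browser_sees(input_tag($encoded));
    $status = ($seen === $biography) ? 'intact' : 'CHANGED';
    printf("%-17s %-8s %s\n", $name, $status, $seen);
}
```

Encoding belongs at output time, for the context being written to: the database keeps the original text, and html_attr() is applied only when the value is printed into HTML.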