|
PHP - Replacing Quotes In Submitted Forms
Hi All,
I have a text field in a form that when submitted, passes the submitted data, using $_POST into a second webpage. I then use an insert statement on that page to insert the submitted text in to a DB. I have finding that if user's place either a quote (") or a apostrophie (') in the form, it truncate's the insert statement, as it takes the characters as the end of the line. Is there any other way of managing quotes and apostrophies in forms? Cheers Matt Similar TutorialsA problem has arisen which puzzles me. I have forms which save data to MySql and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this value="$variable" which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes. I haven't seen the answer in any of my books. The only things I can think of is changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes. Hi There, Is there any way that when a user submits a form, but places a link inside - for example: It is located at this location: http://mylink.com Is there any way that PHP can pick up the fact that there is a link there and tag it correctly so it is clickable? Cheers Matt Hi There, I am putting a form together that when submitted, pumps data in to an SQL DB. However I am having problems with quotation marks - for example, it's and her's and thier's cause an error, because the insert statement takes the quote as the end of the row. How can PHP handle this so that it either removes, or replaces that quote? Thanks Matt Hi... I'm trying to make a form to edit a database entry that will be pre-populated with the current contents of the row being modified. Unfortunately, I only seem to be able to get it to pre-populate with the first word in each field (as in, if I had "two words" in a field, what would show up in my form is the word "two"). I've spent quite a while poking around on the web, and I'm 75% certain that my problem has something to do with my use/positioning of quotes, since that frequently seems to cause just this issue in just this situation, but none of the solutions I've found seem to help... Any advice would be much appreciated, I'm thoroughly stuck. Code is currently as follows: <?php require("dbinfo.php"); $con = mysql_connect("localhost", $username, $password); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db($database, $con); $result = mysql_query("SELECT * FROM main WHERE id='$_POST[id]'"); while($row = mysql_fetch_array($result)) { echo "<form action='update.php' method='post'>"; echo "<input type='hidden' name='id' value=".$_POST['id']."><br>"; echo "Name: <input type='text' name='name' value=".$row['name']."><br>"; echo "Type: <select name='type' value=".$row['type']."> <option value='Food Pantry'>Food Pantry</option> <option value='Food Pantry'>Soup Kitchen</option> <option value='Food Pantry'>Shelter</option> <option value='Food Pantry'>Other</option></select><br>"; echo "Address: <input type='text' name='address' value=".$row['address']."><br>"; echo "State: <input type='text' name='state' value=".$row['state']."><br>"; echo "Phone: <input type='text' name='phone' value=".$row['phone']."><br>"; echo "E-mail: <input type='text' name='email' value=".$row['email']."><br>"; echo "Website: <input type='text' name='website' value=".$row['website']."><br>"; echo "Hours: <input type='text' name='hours' value=".$row['hours']."><br>"; echo "Requirements: <input type='text' name='requirements' value=".$row['requirements']."><br>"; echo "Additional Information: <input type='text' name='additional' value=".$row['additional']."><br>"; echo "<input type='submit' />"; echo "</form>"; } mysql_close($con); ?> Hi All, I have a html form that I can submit using php, which then enters information into a database. This works fine when the text is just standard text - for example "the cat is on the mat". But if I put in "the cat's on the mat" - then the speach mark throws an error up! Is there any way around this? Thanks Matt This code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Quotation marks are confusing me.
What do you guys use when it comes to quotation marks?
In HTML attributes and throughout the bodies of my web pages, I use the HTML entity ("). For example:
<a href="" title="Read "Article Name""> <p>In his new book, he says: "This is a quote."</p>I thought that this is the best practice. However, today, I read that it's perfectly safe to use straight quotes (") in the body, and that I should use the HTML entity only in HTML attributes. Is that correct? But what if I want to use curly quotes in the body instead of straight quotes? Should I always use the HTML entities for curly quotes (“ and ”), or can I also safely use the characters (“”)? I heard that straight quotes are safe in all browsers, even if you don't specify the character set of your web pages, but that curly quotes are only safe if you specify the character set or if you use the HTML entities. Is that true? And what about the <q> tag? Apparently, it's compatible with all browsers but they treat it differently. Edited by Fluoresce, 30 August 2014 - 07:37 AM. The fancy-looking quotes won't insert into my DB, so I'm trying to convert them to %93 & %94 or normal quotes.
Nothing I've tried works.
Code:
$fancy=" “test” "; $fixed=htmlentities($old, ENT_QUOTES); echo "fancy: $fancy<br>"; echo "fixed: $fixed"; Results: fancy: “test” fixed: I want $fixed to be %93test%94, or even "test" would work. Edited by rwmaho, 18 October 2014 - 01:28 PM. Hello everyone! This is my first post. I am very new to php and mysql and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. in double quotes, I gather that it will echo the value of the variable. as for {} I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM. I don't think I've asked this before have I?? can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? as in, wrapping values, variables, and why I need to do either, and when, etc, etc....? thanks Edited March 29 by ajetrumpetHi there, I have a newsletter sign up form which just puts the data (id and email) into a mysql table. To stop people hacking the site, is there a way to make sure the only thing being submitted in the input is an email address? Here's my current form and submit php: Code: [Select] <?php $mailer = $_GET['mailer']; if ($mailer == 'added') { $email=$_POST['email']; if($email == '') { echo '<div class="daily_not_submitted"><span style="padding-right:6px;"><img src="https://store.huhmagazine.co.uk/images/cross.jpg"></span>Please fill in all the fields.</div>'; }else { $sql="INSERT INTO `dailymailer` (`email`) VALUES ('$email');"; $result=mysql_query($sql) or die(mysql_error()); if($result){ echo "<div class='daily_submitted'><span style='padding-right:6px;'><img src='http://www.huhmagazine.co.uk/images/uploaded/checkboxtick.jpg'></span>Thank you.</div>"; } else { echo "Error\n"; } } } ?> <div id="sidebarnewsletter"> <form name="mailinglist" method="post" action="?mailer=added"> <input type="text" name="email" class="sidebarnewsletter" placeholder="Enter Your Email Address" /> <input type="submit" class="sidebarnewsletter_button" value="Sign Up"> </form> <div class="clear"></div> </div> Up until now, I have been writing Forms that submit back to themselves. Now I want to break up my code. I usually have this PHP at the top of my forms... Code: [Select] <?php // ******************************************** // HANDLE FORM. * // ******************************************** if ($_SERVER['REQUEST_METHOD']=='POST'){ // Form was Submitted (Post). If I change my Form Action to point to another script, will this code work in that new script?? (In other words, will Script_B be able to detect $_SERVER['REQUEST_METHOD']=='POST' ??) Thanks, Debbie I am trying to filter characters that get submitted into forms and than database. I have been paying with trim function $string = $_POST[name]; $newstring = trim($string,"W"); echo "$newstring"; but it does not seem to do what I really need. If I enter name World I do get "orld" back, but what if I want to filter out W (or w) and L (or l) to get "ord". I am mainly going after removing ' " ; : . > , < - _ ( ) * & ^ % $ # @ ! \ | / ? I know there is a different way to do it, but it has been long tome since I have seen it, and I do not know where. Thanks for your help I now know how to append GET over normal hyperlinks, but I don't know how to do it with form submissions. Here's the problem: I have a form like this one: <form method="GET" action=""> <?php require_once ('sort_category_func.php'); $switch = 1; sort_category ($switch); ?> + Most Liked <input type='checkbox' value='mostLiked' name='mostLiked' /> <br /> <input type="submit" name="sortSubmit" value='Go' /> <br /><br /> </form> And the variables: // DROP DOWN MENU VARIABLES $select_category = $_REQUEST['sort_category']; $most_liked = $_GET['mostLiked']; I'm using a while loop to list user submission, you can also sort them by category which works over GET, this works as long as there is no GET data already in the URL, but as soon as there is GET data it won't work anymore. Here's an example: If I have a user profile page opened like this: profile.php?user=konopkov And a category has been chosen to sort the user's submissions the URL will change to: profile.php?sort_category=Logos INSTEAD it should be: profile.php?user=konopkov&sort_category=Logos As I said I know how to achieve this with hyperlinks now, but I have no clue how do it with form submissions. Any suggestions? Thanks. I'd like to edit specific parts of a submitted text what is the best way to do this? For example I get the following text: [name country] is very cold this time of year. Because I like the cold I would love to live there [end of line 2] whole lot more text here until [name country] if this text here exists, blabla [but Germany] is blabla [end of line] in some cases some more text here [summary] bla bla The text in the brackets are words that I already know before it has been submitted. Getting the words out has been part of my previous script, using preg_match and put them in variables. I want to put the first portion of the text in a row, if 2nd, 3rd and 4th portion exist, put them in a row too. Any ideas? [edited] I prefer to have these portions cut out and put in a variable. So I end up having a few variables and can later echo that out in rows Edited by dde, 18 January 2015 - 04:01 AM. To execute code on successfully submitting text input, is this "bare minimum" code secure enough?
if(!empty($_POST["textfield_input"])) { ...or is it best to make sure all 4 of these are confirmed:
if (
The html portion is simply: I've searched on the net about this several times, and see different answers, and it looks like each PHP expert has their favorite.... but I would rather know the "best practices" answer to this. Thank you!!
Edited November 5, 2019 by StevenOliver Hello, Basically, What I'm looking for would be for a method of blocking certain email addresses from being submitted in a form, I need it to block certain emails that are on the list. I think the best way to describe it would be a form submission blacklist that is checked before it gets submitted. Many thanks I've got a BIG problem... When a user submits my form it works fine, displays a "Transaction Success/Failed", and e-mails me a confirmation. However, if the user then navigates to another page (e.g. "Home"), and then clicks their browser's "Back" button, my form gets re-submitted?! This is on a VPS, but I just chatted with server support and they are saying, Quote register_globals = Off So what is going wrong?! Debbie I want the script to check if something already has been submitted into the database before the submission, I tried it to do it with num_rows, but I'm encountering a problem. Here's the script: $con_submit = $_POST['submit']; $user_id = $_SESSION['user_id']; if ($con_submit && isset($user_id)) { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // POST variables $knuffix_name = strip_tags(trim($_POST['knuffix_name'])); $knuffix_contribution = $_POST['knuffix_contribution']; $knuffix_category = strip_tags(trim($_POST['sort_category'])); $query = sprintf("SELECT * FROM con WHERE contribution = '%s'", mysqli_real_escape_string($dbc, $knuffix_contribution)); $query_run = mysqli_query ($dbc, $query) or die (mysqli_error ($dbc)); $num_rows = mysqli_num_rows ($query_run) or die (mysqli_error ($dbc)); // $assoc = mysqli_fetch_assoc ($query_run) or die (mysqli_error ($dbc)); echo "num rows" . $num_rows; // and then as an example: if ($num_rows == 0) { // run INSERT INTO script } } When there are entries in the database then num_rows will return me the amount of entries in the echo, BUT if there are ZERO entries, then nothing will happen, and that is because of the query. Since the query looks as follows: Code: [Select] SELECT * FROM con WHERE contribution = '$variable_post_submission' Which means if there's no entry in the database at all, then the query has nothing to select, which again makes the rest of the script NOT work. Which means that num_rows does not return any value, the echo will not even get printed out. But I on the other hand would like num_rows to return zero and have the script continue by INSERTING the submitted data into the database. Any ideas how I could accomplish this? |
|||||||