PHP - Remove Double Quotes
same(this.getParams['vb'], ab.fill(), 'vb test');Expected: false Result: "false" Diff: false "false" Please tell me how to fix this problem. Similar TutorialsThis code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Hello everyone! This is my first post. I am very new to php and mysql and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. in double quotes, I gather that it will echo the value of the variable. as for {} I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM. I don't think I've asked this before have I?? can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? as in, wrapping values, variables, and why I need to do either, and when, etc, etc....? thanks Edited March 29 by ajetrumpetA problem has arisen which puzzles me. I have forms which save data to MySql and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this value="$variable" which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes. I haven't seen the answer in any of my books. The only things I can think of is changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes. I'm designing a website that takes user input from in a <textarea></textarea> and enters the input into a database. Everything works besides if the user has double quotes (") in his/her message. (the name of the table that I want to add to is alluserposts) What i have so far is the following: from index.php: <form action="insert2.php" method="post"><textarea name="user_post" rows="6" cols="35"></textarea></form> from insert2.php: mysql_query("INSERT INTO alluserposts (post_value) VALUES(" . "\"" . $_POST['user_post'] . "\")" ,$db) or die(mysql_error($db)); I want the user to be able to input any character. How can i do that? I am wondering since in php when you write string in " " quotes php will look if there is any variable and if it is it will read that variable and replace variable name with that value inside the string. However when i use ' ' quotes php will not look for any variables inside that string. So my question is when you write a really big application is it good to always use ' ' quotes when you can instead of " " ones. Does that have an impact on performance. Thanks for print html : What's Better, Faster and Optimized ?!? Code: [Select] echo "<tr height=\"22\"> <form action = \"{$URL}/admin/edit.php\" method=\"POST\"> <input type=\"hidden\" name=\"login\"> <td width=\"15%\" bgcolor=\"$bgcolor\"> <input type = \"text\" name = \"login\" value=" . $f['login'] . "></td> <td width=\"15%\" bgcolor=\"$bgcolor\"> <input type = \"password\" name = \"password\" value=" . $f['pass'] . "> </td> </form> </tr>"; With PHP Method 2 : ( single ) Code: [Select] echo ' <tr><form action = "' . URL . '/admin/editadmins.php" method="POST"> '; echo ' <td align="left" valign="top"><input type = "text" name = "login" value = "' . $f['login'] . '"></td>'; echo ' <td align="left" valign="top"><input type = "password" name = "password" value = "' . $f['pass'] . '"></td></form></tr>'; Method 3 : (With Html And Php echo ) Code: [Select] <tr height="22"> <form action = "../admin/editadmins.php" method="POST"> <td align="left" valign="top"><input type = "text" name = "login" value = "<?PHP echo $f['login']; ?>"></td> <td align="left" valign="top"><input type = "text" name = "password" value = "<?PHP echo $f['pass']; ?>"></td> </form> <tr> Thanks. Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php $res1 = preg_match('/shi*t/', $comment); $res2 = preg_match("/shi*t/", $comment); ?>Thank you Edited by Dareros, 17 September 2014 - 07:07 PM. I have created a simple form that collects a comment or question from a visitor to my website. The problem is that if the visitor types: Your site looks Ok. I will get that message. But if the type: Your site needs "Work". I will get: Your site needs The script will not send the double quotes or anything after the double quotes What am I missing??? I have tried: addslashes() str_replace() preg_replace() with on change to the message. This is the script Code: [Select] <?php $recipient = $_POST['recipient']; $subject = $_POST['subject']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $senders_email_address = $_POST['senders_email_address']; $comments = $_POST['comments']; $mailheaders .= "To: Thin Dime Web. <$recipient>\n"; $mailheaders .= "From: $first_name $last_name <$senders_email_address>\n"; $body .= "Subject: $subject\n\n"; $body .= "Senders Name: $first_name $last_name\n"; $body .= "E-mail Address: $senders_email_address\n\n"; $body .= "The following Comments or Question came from a visitor to your website\n"; $body .= "\n"; $body .= "$comments\n"; mail("$recipient", "$subject", "$body", "$mailheaders"); ?> When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']); $blog= $_POST['message']; $sql = "SELECT * FROM table WHERE `message` = '{$message}'"; $result = mysql_query($sql); if ( mysql_num_rows ( $result ) > 0 ) { $error = "Message Exists."; } else { $error = "This message does not exist. Insert it!!!"; $sql="INSERT INTO table (message) VALUES ('$_POST[message])"; } if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } mysqli_close($con) Edited by barkly, 26 October 2014 - 09:31 PM. Hi all I have a field in mySQL table called dimensions. It has the double quote in in for inches - " When I echo the result from the mySQL query on the item page (Customer facing) it's fine. However, I have built a form so that the administrator can edit the dimensions in the admin panel and when I echo it out in to the form field it stops when it gets to the double quotes? Pete I have a navigation list displaying which is a mix of html and php, everything is working fine however now I want to convert this block of code into a function but am having major problems with quotes. The line of code I currently have is $data = $db->query("SELECT * FROM menu")->fetchAll(PDO::FETCH_ASSOC); foreach ($data as $row) { ?> <li><a href="<?php echo $row['url']; ?>" title="<?php echo $row['title']; ?>"><?php echo $row['icon'] . ' ' . $row['header']; ?></a></li> <?php } ?> As I say everything works using the above but now I am trying to echo the full li out and am having major issues with single and double quotes. I currently have echo "<li><a href='#' title='the title'><i class='fas fa-user site-nav--icon'></i> Help</a></li>"; Now I am trying to use the $row['url'], $row['title'], $row['icon'] & $row['header'] as per the top example but I cannot get the combination of quote marks correct, whether to use double, single or a combination. I would be grateful if someone could suggest the correct syntax for the a tag then I can work through the rest. Thanks I'm using the codeigniter mvc framework and there's an escape function to use before adding the data to the database. This function adds single quotes around the string of data. Is there any already existing php function or does anyone know how to code a function that strips ONLY the surrounding single quotes? I have a query that gets staff on a particular day then performs a while loop selecting each member that works on that day and the times they work between. I have a for loop in that while loop that lists apointment times for each staff member every 15mins between the times they work, this works fine. I then have in the for loop a while loop that checks for existing appontments in the appointment table and changes the appointment slot for times that are booked to booked. I have found though that the second while loops causes doubling of results when an appointment is found, so I need to work out how to restructure this code so that i dont get the doubling effect of result. you can see the result of the script here http://justrelax.net.au/datetest.php and the code that causes the problem is // convert to US format $input="$month/$day/$year"; // readable date $readDATE="$day/$month/$year"; // convert for mysql date $sqlDATE="$year-$month-$day"; // get day of the week $weekday=date(l, strtotime($input)); echo $weekday."<br/>"; // get working staff from staff table $staffSQL=mysql_query("SELECT * FROM staff WHERE ".$weekday." != 'off' AND onLEAVE='no' AND ACTIVE='yes' ORDER BY staffID ASC"); // return results putenv("TZ=Australia/Adelaide"); while ($staff=mysql_fetch_array($staffSQL)) { $name=$staff['staffNAME']; $avail=$staff[$weekday]; $staffID=$staff['staffID']; list($first, $last)=explode(" ", $name); list($in, $out)=explode("-", $avail); $firstTIME="$sqlDATE $in:00"; $lastTIME="$sqlDATE $out:00"; echo "$first is available between $avail on $weekday<br/>"; $in2=strtotime($firstTIME); $out2=strtotime($lastTIME); $stop=$out2-900; echo $in2." - time start - $firstTIME<br/>"; echo $out2." - time finish - $lastTIME<br/>"; for ($inc=$in2;$inc<=$stop;$inc+=900) { $existSQL=mysql_query("SELECT * FROM appointment WHERE date='$sqlDATE' AND staffID='$staffID'"); if (mysql_num_rows($existSQL)>=1) { while ($appointV=mysql_fetch_array($existSQL)) { $resSTART=$appointV['dateTIME']; $length=$appointV['totalTIME']; $resEND=$resSTART+($length*60); if ($inc>=$resSTART && $inc<=$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='red'><< $first BOOKED</font><br/>"; } else if ($inc<$resSTART || $inc>$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } if (mysql_num_rows($existSQL)==0) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } could really use some help on this I have been trying different things for a few days now. Quotation marks are confusing me.
What do you guys use when it comes to quotation marks?
In HTML attributes and throughout the bodies of my web pages, I use the HTML entity ("). For example:
<a href="" title="Read "Article Name""> <p>In his new book, he says: "This is a quote."</p>I thought that this is the best practice. However, today, I read that it's perfectly safe to use straight quotes (") in the body, and that I should use the HTML entity only in HTML attributes. Is that correct? But what if I want to use curly quotes in the body instead of straight quotes? Should I always use the HTML entities for curly quotes (“ and ”), or can I also safely use the characters (“”)? I heard that straight quotes are safe in all browsers, even if you don't specify the character set of your web pages, but that curly quotes are only safe if you specify the character set or if you use the HTML entities. Is that true? And what about the <q> tag? Apparently, it's compatible with all browsers but they treat it differently. Edited by Fluoresce, 30 August 2014 - 07:37 AM. The fancy-looking quotes won't insert into my DB, so I'm trying to convert them to %93 & %94 or normal quotes.
Nothing I've tried works.
Code:
$fancy=" “test” "; $fixed=htmlentities($old, ENT_QUOTES); echo "fancy: $fancy<br>"; echo "fixed: $fixed"; Results: fancy: “test” fixed: I want $fixed to be %93test%94, or even "test" would work. Edited by rwmaho, 18 October 2014 - 01:28 PM. Hello, Using the following code, I'm extracting the $current_solution from my database. However, if the variable has quotes in it, I get gobbledegook. Code: [Select] <input type ="radio" name="solution" <?php echo 'value="' . $current_solution . '"' ?> id="solution" <?php if ($row['solution'] == $current_solution) {echo 'checked = "yes"';} ?>/><?php echo$current_solution; ?></label> As an example, if the $current_solution variable is: A right-side up letter u then I get: " id="solution" checked = "yes"/> A right-side up letter "u". I know that it's a quote issue but am not sure how to fix it. I tried adding slashes but I fear that it didn't work. Any thoughts on this would be appreciated! Thanks so much, Eric So, I think you have all heard the news. THEY ARE GONE! Unfortunately, I do have some old code that I do not feel like going line by line and updating. I was wounding if you guys could help me out. I was hoping that there would be a way to set a define of some sort then when I grab something out of an SQL table it will automatically takeout the "\" (Slashes) and when I insert something into the database it will add the slashes... YES I know and have read the statement written by the php group [http://www.php.net/manual/en/securit...uotes.why.php] But i do not particularly want to go through my code and change everything by hand. If you have any idea, or would like me to explain it another way, please post. Any help will be greatly appreciated. --redcrusher |