Best way to get quoted text in mysql?

It took me a lot of trial and error to get text from an HTML form into MySQL to
account for quotation marks being entered. I came up with the following. It
works fine but I was wondering if this is the best way. Here are the relevant
snippets:

1) User enters data via post.html:

<form method="POST" action="post_co nfirm.php" name="form">
<textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLi mit(comments,
800);"></TEXTAREA>
<input type="submit" name="Submit2" value="Submit" onClick="return
validate(form)" >
</form>

2) User is presented with the confirmation form post_confirm.ph p:

Strips html tags, and displays without the slashes that PHP puts in:
<?php $comments=strip slashes(strip_t ags($_POST['comments'])); ?>

Displays the user comments:
<?php echo $comments; ?>

If ok, user sends it to be posted:
<form method="POST" action="postnot ice.php">
<input type="hidden" name="comments" value="<?php echo
htmlspecialchar s($comments, ENT_QUOTES ); ?>">
</form>

3) Stuff is posted in MySQL via postnotice form:

<?php $comments=addsl ashes($_POST['comments']); ?>
Better way or OK?

TIA -

jon
--
jwayne@_myrealb ox_no_spam.com

Jul 16 '05 #1

Subscribe Reply

3468

Jochen Daum

Hi jwayne!

On Mon, 30 Jun 2003 16:05:12 -0400, JW <jwayne@_myreal box_no_spam.com >
wrote:

It took me a lot of trial and error to get text from an HTML form into MySQL to
account for quotation marks being entered. I came up with the following. It
works fine but I was wondering if this is the best way. Here are the relevant
snippets:

1) User enters data via post.html:

<form method="POST" action="post_co nfirm.php" name="form">
<textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLi mit(comments,
800);"></TEXTAREA>
<input type="submit" name="Submit2" value="Submit" onClick="return
validate(form) ">
</form>

2) User is presented with the confirmation form post_confirm.ph p:

Strips html tags, and displays without the slashes that PHP puts in:
<?php $comments=strip slashes(strip_t ags($_POST['comments'])); ?> You can turn of the slashes that are put in, by using the ini_set with
magic_quotes_gp c. My suggestion is to turn it off.

Displays the user comments:
<?php echo $comments; ?>

If ok, user sends it to be posted:
<form method="POST" action="postnot ice.php">
<input type="hidden" name="comments" value="<?php echo
htmlspecialcha rs($comments, ENT_QUOTES ); ?>">
</form>

3) Stuff is posted in MySQL via postnotice form:

<?php $comments=addsl ashes($_POST['comments']); ?>
Better way or OK?

You may get around the one stripslashes with my suggestion.

Hope I could help.

Jochen
--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.
http://sourceforge.net/projects/phpdbedittk/

Jul 16 '05 #2

Jochen Daum

Hi !
On Mon, 30 Jun 2003 20:18:23 -0400, JW <jwayne@_myreal box_no_spam.com >
wrote:

You may get around the one stripslashes with my suggestion.

I tried your suggestion but there is problem: when I do a mysql_query, it bombs
with _single_ quotes in the user text.

Sorry. Just remove one instance of stripslashes, not all instances of
*slashes. But your code was fine anyway. If you use shared servers,
you might not be in control of these switches anyway. Maybe have a
look at get_magic_quote s_gpc.

HTH, Jochen
--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.
http://sourceforge.net/projects/phpdbedittk/

Jul 16 '05 #3

Paul Liversidge

Jochen Daum <jo*********@ca ns.co.nz> wrote in message news:<lm******* *************** **********@4ax. com>...

Better way or OK?

There is a RemoveMagicQuot es function floating around, probably on
php.net in the user comments that I've found to be very effective. You
just run it on the top of every page and it removes the magic quotes
if the server has them on or off. I've moved PHP scripts between
hosting companies and it can suddenly make a working script, not work.
A little auto-detection and dealing with it can help.

Jul 16 '05 #4

Similar topics

7710

What is the best way to store XML file in MySQL?

by: jacob nikom | last post by:

Hi, I would like to store XML files in MySQL. What is the best solution: 1. Convert it to string and store it as CLOB/text 2. Serialize it and store as byte array 3. Flatten it out and create one column per element, each column is VARCHAR Does MySQL has anything special for XML data? Is there any software which helps to store XML data in MySQL

MySQL Database

9246

Object test = new Object() <-- Java, best way in C++

by: DrUg13 | last post by:

In java, this seems so easy. You need a new object Object test = new Object() gives me exactly what I want. could someone please help me understand the different ways to do the same thing in C++. I find my self sometimes, trying Object app = Object(); Object *app = Object(); Object app = new Object();

C / C++

1538

Opinions on best DB interface

by: Craig Taylor | last post by:

Just curious as to opinions on the best DB interface for mysql ... I typically use the PEAR DB package but curious as to what others see as strengths and weaknesses in PDO, native mysql drivers and others. - Craig Taylor http://www.ctalkobt.net/php

PHP

3636

Programming - Best Practice

by: bigHairy | last post by:

Hello. I have been teaching myself .NET over the last few months and have had some success. I would like to ask a question though... A number of examples I have followed have the following in their finally statement Try ......

Visual Basic .NET

1980

Advice on the best practice please...

by: Nemisis | last post by:

Guys, I would like to write a error handler, or something, that will allow me to write to a database when an error occurs on my site. I am trying to implement this in the global.asax file a the moment, but am having problems when a 404 error occurs, i cant access sessionstate. Is writing this code in the global.asax file the best way to do this? I have been searching on the net and hear alot about httphandlers? Will a httphanlder...

ASP.NET

2702

What is the best way to read a HTML "readable" web directory...

by: GenCode | last post by:

What is the best way to read a "readable" web directory... I know I can do this Client.DownloadFile("http://www.mydomain.com/readabledir/", c:\ \dir.txt"); But that gives me the html and all the other tags...all I want is a directory listing of all the *.gif in this dir and not all the html Now I know I can parse the html to get the gif file names...but I

C# / C Sharp

1484

What is the best pratice?

by: Paulo Roberto | last post by:

Hi, I have a VS2005 asp.net 2.0 C# application with a lot of screens just like customers, companys, manufacturers wich has always the same basics working like a gridview showing the records, and the basic functions: inserting, editing and deleting records from tables... What is the best method to do/optimize that? Creating each .aspx ? Because what most changes is the fields tables... what do you suggest? Thanks

ASP.NET

1795

Best way of Allocating and Deallocating memory

by: Amit_Basnak | last post by:

Dear Friends I have two structures as below typedef struct { long_int length; char data; } CI_STRUCT_DATA; typedef CI_STRUCT_DATA *ptr_CiStructData;

C / C++

2028

Best Way to Synch 2 Tables?

by: Patrick A | last post by:

All, I have an Access DB. On a nightly basis, I want to look at an Other DB (not Access, but SQL) and: + Add any new records from Other.Clients into Access.Clients Is this something I should use a "tool" (SQL Data Compare, SqlSync, etc.) to do, or could I pull this off reliably every night just using

Microsoft Access / VBA

8468

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8814

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8660

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6213

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5683

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4390

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2799

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2041

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1792

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General