hii,
I am storing form data into database and later i gve admin the option of editing the content of it by means of a form ..there is a small problem with ' .ie when ever there is a date like test's in database....whi le fetching its fetches properly but while displaying its giving a prob like it just prints test and nothing after it the ' is giving a prob.
this is the php command ...any change needs to be make here
[PHP]print("<td><inp ut name='Descripti on' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
this displays only test
but if i give print_r($test[$nr][Description]);
its displays full test's
wht changes need to be made in print statement..
Thanks,
pradeep
6 1258 dlite922 1,584
Recognized Expert Top Contributor
hii,
I am storing form data into database and later i gve admin the option of editing the content of it by means of a form ..there is a small problem with ' .ie when ever there is a date like test's in database....whi le fetching its fetches properly but while displaying its giving a prob like it just prints test and nothing after it the ' is giving a prob.
this is the php command ...any change needs to be make here
[PHP]print("<td><inp ut name='Descripti on' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
this displays only test
but if i give print_r($test[$nr][Description]);
its displays full test's
wht changes need to be made in print statement..
Thanks,
pradeep
MySQL will always return what you query it at. What you gave us, was not MySQL but the PHP code to display the result.
What's your query?
But that's besides the point, You INSERTION into the database is wrong.
Please use mysql_real_esca pe_string() function on all variables before inserting them into the MySQL database. (If MySQL is what you're using)
Let us know,
Dan
Hey in database its storing properly ..but while displaying its not displaying.this is the display command.
[PHP]print("<td><inp ut name='Descripti on' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
in this its giving problem..
thanks,
Pradeep
Atli 5,058
Recognized Expert Expert
The problem there is that you are creating invalid HTML output.
That is, consider this: -
<?php
-
$string = "Test's";
-
echo "<input type='text' value='$string' />";
-
-
# Produces:
-
# <input type='text' value='Test's' />
-
?>
-
As you see, the apostrophe in Test's is causing the value of the "value" parameter to close early, leaving s' outside it. *Luckily* most browsers will recover from this syntax error and only show "Test".
What you need to do is escape the extra apostrophe, so the browser will know it is not meant to close the string. -
<?php
-
$string = str_replace("'", "\\'", "Test's");
-
echo "<input type='text' value='$string' />";
-
-
# Produces:
-
# <input type='text' value='Test\'s' />
-
?>
-
Which should be rendered correctly by the browser.
Is there any other way of doing it bcos my lot many forms are running and i need to do it faster..
try to output the value using htmlentities() and the ENT_QUOTES param.
[php]
<?php
echo '<input name="foo" type="text" value="',htmlen tities($str, ENT_QUOTES),'" />';
?>
[/php]
also look at htmlspecialchar s(), it may help.
thanks a lot both of them work fine..
[PHP]<?php
function htmlspecialchar s_array($arr = array()) {
$rs = array();
while(list($key ,$val) = each($arr)) {
if(is_array($va l)) {
$rs[$key] = htmlspecialchar s_array($val);
}
else {
$rs[$key] = htmlspecialchar s($val, ENT_QUOTES);
}
}
return $rs;
}
$test=htmlspeci alchars_array($ test);
?>
[/PHP]
i used this script so tht it checks at the beginning!!!!..
thanks
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Dave Moore |
last post by:
Hi All,
Can anybody point me to a FAQ or similar that describes what all this
stuff is about please?. I'm interfacing with a MySQL database if that's
relavent. I've read a couple of books which refer to stripslahes and
'escaping' but nothing really explains what these terms are and why these
are used. Why is 'escaping' (whatever that is) used?. What the hell is a
magic quote?. How is it different from a non-magic one?.
Regards,
Dave
|
by: Aloysio Figueiredo |
last post by:
I need to replace every ocurrence of '/' in s by '\/'
in order to create a file named s. My first attempt
was:
s = '\/'.join(s.split('/'))
but it doesn't work:
>>> s = 'a/b'
>>> s = '\/'.join(s.split('/'))
|
by: felciano |
last post by:
Hi --
I am trying to use the csv module to parse a column of values
containing comma-delimited values with unusual escaping:
AAA, BBB, CCC (some text, right here), DDD
I want this to come back as:
|
by: bobbyballgame |
last post by:
I am having a problem calling Stored Procedures:
....
dim MyValue, MyOtherValue
MyValue = "Bobby's value"
MyOtherValue = Bobby's other value"
rs.Open "exec MyStoredProc """ & MyValue & """, """ & MyOtherValue & """",
Conn
|
by: Joe Price |
last post by:
Hi all
I've formatted one of my xml files for viewing through a web browser
using xsl.
It works fine in Internet Explorer, however when I use Netscape6 or
Opera to view the same page the disable-output-escaping function does
not work and it is displaying html tags as text rather than code.
Can anyone enlighten me as to why this is happening?
Am i using the wrong namespace? i'm currently using:
| |
by: Geoff Caplan |
last post by:
Hi folks,
The thread on injection attacks was very instructive, but seemed to
run out of steam at an interesting point. Now you guys have kindly
educated me about the real nature of the issues, can I ask again
what effective escaping really means?
Are the standard escaping functions found in the PHP, Tcl etc APIs to
Postgres bombproof? Are there any encodings that might slip through
and be cast to malicious strings inside Postgres?...
|
by: Jon |
last post by:
Hi,
I used XslCompiledTransform with the following Xsl file. The <xsl:text
disable-output-escaping="yes"does not work when using XslCompiledTransform
to do the trnasform (namely the output contain < not <), while it works when
using MSXML2 to do the transform. Does anyone have the same problem and how
to make the escape work? Thanks.
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
by: Taras_96 |
last post by:
Hi everyone,
I'm having a bit of trouble understanding the purpose of escaping
nulls, and the use of addcslashes.
Firstly, the manual states that:
"Strictly speaking, MySQL requires only that backslash and the quote
character used to quote the string in the query be escaped. This
function quotes the other characters to make them easier to read in
|
by: David Henderson |
last post by:
I know 'disable-output-escaping' has been discussed in the past, but I can't
put my finger on any of the threads to see if my current problem is
addressed. Sorry for re-asking the question if it has already been
answered...
I have an XML doc that I am transforming via XSLT and JavaScript in the
browser. This allows me to return unsorted data to the browser and allow
the user to sort it with a mouseclick and not hit the server just...
|
by: C C++ C++ |
last post by:
what is an escaping variable?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |