473,233 Members | 1,376 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,233 software developers and data experts.

%27 and ' - urlencode

Quite a lot of my data has apostrophes in. I'm passing the data using $_POST
and urlencode. So, for example, Joe's becomes Joe%27s.

On the next page, I urldecode and display the name in the META title. It
comes out as Joe\'s.

When I pass it once again, it becomes Joe\\\'s.

What am I doing wrong here?

Thanks
Sep 9 '05 #1
5 8185
elyob said the following on 09/09/2005 11:21:
Quite a lot of my data has apostrophes in. I'm passing the data using $_POST
and urlencode. So, for example, Joe's becomes Joe%27s.

On the next page, I urldecode and display the name in the META title. It
comes out as Joe\'s.

When I pass it once again, it becomes Joe\\\'s.

What am I doing wrong here?


http://www.php.net/manual/security.magicquotes.php

If you can, disable this feature, cos it's really annoying, as you've
just found out!
--
Oli
Sep 9 '05 #2

"Oli Filth" <ca***@olifilth.co.uk> wrote in message
news:Et************@newsfe7-win.ntli.net...
elyob said the following on 09/09/2005 11:21:
Quite a lot of my data has apostrophes in. I'm passing the data using
$_POST and urlencode. So, for example, Joe's becomes Joe%27s.

On the next page, I urldecode and display the name in the META title. It
comes out as Joe\'s.

When I pass it once again, it becomes Joe\\\'s.

What am I doing wrong here?


http://www.php.net/manual/security.magicquotes.php

If you can, disable this feature, cos it's really annoying, as you've just
found out!


Great stuff. Thanks for that, the default php.ini had this. It's now gone. I
seem to remember one of the main PHP developers writing that magic quotes is
stupid and should be dropped.

Sep 9 '05 #3
I noticed that Message-ID: <43********@news1.homechoice.co.uk> from
elyob contained the following:
Great stuff. Thanks for that, the default php.ini had this. It's now gone. I
seem to remember one of the main PHP developers writing that magic quotes is
stupid and should be dropped.


You only need to url encode data that is going in a URL (duh...).

And don't forget that your database security is now down to you in this
and all future projects.

(you could have just used stripslashes() )
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Sep 9 '05 #4
Geoff Berrow said the following on 09/09/2005 13:10:
I noticed that Message-ID: <43********@news1.homechoice.co.uk> from
elyob contained the following:

Great stuff. Thanks for that, the default php.ini had this. It's now gone. I
seem to remember one of the main PHP developers writing that magic quotes is
stupid and should be dropped.

You only need to url encode data that is going in a URL (duh...).

And don't forget that your database security is now down to you in this
and all future projects.


Yes, I'll echo that sentiment.

(you could have just used stripslashes() )


IMO, using mysql_real_escape_string() once to put a value into a SELECT
query is far less annoying than having to use stripslashes() all over
the place...

Furthermore, magic quotes don't escape all the necessary characters to
make a string safe for SQL.
--
Oli
Sep 9 '05 #5
Not sure if you necessarily want to urlencode/decode here. All you really
need here is . . .

$data = stripslashes($_POST['field']);
echo $data;


On 9/9/05 6:21 AM, in article 43********@news1.homechoice.co.uk, "elyob"
<ne*********@gmail.com> wrote:
Quite a lot of my data has apostrophes in. I'm passing the data using $_POST
and urlencode. So, for example, Joe's becomes Joe%27s.

On the next page, I urldecode and display the name in the META title. It
comes out as Joe\'s.

When I pass it once again, it becomes Joe\\\'s.

What am I doing wrong here?

Thanks


Sep 9 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Joshua Beall | last post by:
Hi All, I can see from the manual that the difference between urlencode and rawurlencode is that urlencode translates spaces to '+' characters, whereas rawurlencode translates it into it's hex...
3
by: JP SIngh | last post by:
Hi All I have users who upload files using my application using ASPUPLOAD component. My code uploads the file to a network location and once the upload is finish I display the hyperlink using...
1
by: yawnmoth | last post by:
Any ideas as to why urlencode(addslashes(chr(0))) returns '%5C0'? It seems like it should return '%00' since that's what urlencode(chr(0)) returns. If not that, I could also see it returning...
1
by: Jim | last post by:
Hello, I'm trying to do urllib.urlencode() with unicode correctly, and I wonder if some kind person could set me straight? My understanding is that I am supposed to be able to urlencode...
4
by: Andreas Klemt | last post by:
Hello, is there a difference between System.Web.HttpUtility.UrlEncode and Server.UrlEncode ?
1
by: Dario Sala | last post by:
Hi, what's the difference about Asp Server.UrlEncode and the Asp.Net Server.UrlEncode ? In asp: Server.UrlEncode("*") = %2A In Asp.Net: Server.UrlEncode("*") = *
4
by: djc | last post by:
1) I just recently used my own function which simply replaces cariage return / line feed characters with <br> tags for a large detail field before showing it via an asp.net page to preserve line...
0
by: Nathan Sokalski | last post by:
I am using Server.UrlEncode to make a piece of data safe to use as a QueryString. The data I am using is as follows: ratedpoem("title") Which returns the following String: "An Expression...
9
by: Mark_Rarefy | last post by:
Trying to urlencode this string: »ÁÏŒŠ˜ªŒ›h^aYh in vb.net (using either HttpUtility.UrlEncode(strEncrypted, encoding.UTF8) orServer.UrlEncode) I get:...
12
by: sleytr | last post by:
Hi, I'm trying to make a gui for a web service. Site using character in value of some fields. But I can't encode this character properly. >>> data = {'key':''} >>> urllib.urlencode(data)...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.