
help : apostrophe/single quotation mark

Hi,

Sorry for this beginner's question.
I do not know PHP
and write for my friend.

He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)

Now, the problem is:

Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.

Examples are,

--------------------------

I can't do that

==I can

--------------------------

The person named 'Jim' is smart.

==The person named

--------------------------

Any hints?

dajava,

Mar 6 '07 #1


dajava wrote:
> Hi,
>
> Sorry for this beginner's question.
> I do not know PHP
> and write for my friend.
>
> He has never been a professional programmer.
> He studied C and PHP with some books
> and made a bulletin board for his hobby homepage.
> (He uses MS-Windows XP)
>
> Now, the problem is:
>
> Writing a message
> and previewing is OK.
> But, after posting, all the words including and after ' (apostrophe/
> single quotation mark) disappear.

Well, you didn't give enough information, so we cannot help really.
Some questions:

What is writing a message exactly?
Is that filling in some HTML-form that is submitted to a server?

What is previewing a message exactly?
Is that some JavaScript or does it include a trip to the server?

If so: what does the server do with it?
- some possibilities: Store it in a database, echo it back, store it in a
file.

And then: WHERE do these characters disappear? In a form? or as HTML?

A wild guess:
You write back to the client:
<input type="text" name="whatever" value='I can't do that'>

That is wrong.

If you need " or ' in your response back to the client, make sure you call
htmlentities() around the literal part you send back as value (or in any
other inputelement-value, also textareas).

Regards,
Erwin Moller

Mar 6 '07 #2

dajava wrote:
> But, after posting, all the words including and after ' (apostrophe/
> single quotation mark) disappear.

Google: mysql_real_escape_string

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 6 '07 #3

I forward your wild guess to him.

Let me rephrase my question
with this hypothetical example with google groups.

-----------------------------

I arrived at comp.lang.php
and typed a message to ask a question.

entering/editing : This is a test. Don't you like this?
previewing : This is a test. Don't you like this? ( great so far)
Now, I click on POST button.
then, what the heck,
I got this : This is a test. Don

('t you like this? : these disappeared)
-----------------------------------------------

I cannot express myself well.
I do not know PHP.
I will post a reply again
when I get e-mail from my friend.

Thanks anyway.

dajava,
Mar 6 '07 #4

dajava wrote:
> I forward your wild guess to him.
>
> Let me rephrase my question
> with this hypothetical example with google groups.
>
> -----------------------------
>
> I arrived at comp.lang.php
> and typed a message to ask a question.
>
> entering/editing : This is a test. Don't you like this?
> previewing : This is a test. Don't you like this? ( great so far)
> Now, I click on POST button.
> then, what the heck,
> I got this : This is a test. Don

Hi,

This is part that needs more words/a better description:
"I got this : This is a test. Don"

My problem is: 'I got this.'.
My exact problem is 'got'.

WHAT did you get WHERE?

Did the browser after submitting say that?
Or did it appear like that in some newsgroup?

In case of browser: Did the text appear like that in an input-element? Or as
plain HTML?
Did you look at the source of the HTML? (rightmousebutton on the offending
page and select 'view source'.)

You should give us that information, or you will be stuck with my 'wild
guesses'.
;-)

> ('t you like this? : these disappeared)
> -----------------------------------------------
>
> I cannot express myself well.

Keep trying. :-)

> I do not know PHP.

That is a problem when discussing a PHP problem. Seriously, you, or your
friend, should know roughly what he is doing.

> I will post a reply again
> when I get e-mail from my friend.

OK

Regards,
Erwin Moller

> Thanks anyway.
>
> dajava,
Mar 6 '07 #5


This is what he wrote to me yesterday.

------------------------------------------------------

' in code means end of line. Therefore, ' and the rest of the sentences
were truncated.
Previewing is OK. But the whole sentence will not be saved into the DB.

--------------------------------------------------------

and I found the source code.

<?

// new post (write==3) or new reply (write==11)
if(($write==3 || $write==11) && $writer != "" && $password != "" && $contents != "")
{
    if($write==3 && $title != "") // new post
    {
        // fetch the most recent post
        $query = "select * from Dora_Board order by no desc limit 0 , 1";
        @$result = mysql_query($query, $Dora_DB);
        @$data = mysql_fetch_array($result);

        if(strlen($title)>=100) // long title: shorten the stored title before comparing
        {
            $title_leng=100; // maximum title length

            if(strstr(substr($data[1], 0, 100), " "))
                $title_leng = $title_leng - 2;

            $data[1] = substr($data[1], 0, $title_leng);
        }

        if($title != $data[1]) // not a repeat of the latest post
        {
            // the values go into the SQL text unescaped, so an apostrophe
            // in any of them ends the quoted string early
            $query = "INSERT INTO `Dora_Board` (`Title` , `Writer`, `Password`, `Contents`, `Date`, `Ip`) ";
            $query = $query . "VALUES ('" . (string)$title . "', '" . (string)$writer . "', '" . (string)$password . "', ";
            $query = $query . "'" . (string)$contents . "', '" . (string)$date . "', '" . (string)$ip . "')";

            @$result = mysql_query($query, $Dora_DB);
        }
    }
    elseif($write==11 && $no != "") // new reply
    {
        // fetch the post being replied to
        $query = "select * from Dora_Board where no='" . $no . "'";
        @$result = mysql_query($query, $Dora_DB);
        @$data = mysql_fetch_array($result);

        // fetch the most recent reply
        $query = "select * from Dora_Reply order by no desc limit 0 , 1";
        @$result = mysql_query($query, $Dora_DB);
        @$data_r = mysql_fetch_array($result);

        if($contents != $data_r[4] || $writer != $data_r[2]) // not a repeat of the latest reply
        {
            if($data[7] == 0 || $data[7] == "") // no replies yet
                $data[7] = 1;
            elseif($contents != $data_r[4])
                $data[7] = $data[7]+1; // one more reply

            // store the new reply count on the post
            $query = "update `Dora_Board` set `Reply` = '" . $data[7] . "' where `no` = '" . $no . "' Limit 1";
            @$result = mysql_query($query, $Dora_DB);

            // store the reply itself (same unescaped concatenation as above)
            $query = "INSERT INTO `Dora_Reply` (`Main_no` , `Writer`, `Password`, `Contents`, `Date`, `Ip`) ";
            $query = $query . "VALUES ('" . (integer)$no . "', '" . (string)$writer . "', '" . $password . "', ";
            $query = $query . "'" . (string)$contents . "', '" . (string)$date . "', '" . (string)$ip . "')";

            @$result = mysql_query($query, $Dora_DB);
        }
    }
}

// edit a post (write==6) or a reply (write==14)
elseif(($write==6 || $write==14) && $writer != "" && $password != "" && $contents != "" && $no != "")
{
    if($write==6 && $title != "" && $closed == "")
    {
        $query = "UPDATE `Dora_Board` SET `no` = '" . $no . "', `Title` = '" . $title . "', `Writer` = '" . $writer . "', ";
        $query = $query . "`Contents` = '" . $contents . "' WHERE `no` =" . $no . " LIMIT 1";
    }
    elseif($write==14 && $ro != "")
    {
        $query = "UPDATE `Dora_Reply` SET `no` = '" . $ro . "', `Writer` = '" . $writer . "', ";
        // append to the statement (the posted code assigned here, discarding the first half)
        $query = $query . "`Contents` = '" . $contents . "' WHERE `no` =" . $ro . " LIMIT 1";
    }
    @$result = mysql_query($query, $Dora_DB); // run the input query
}

// delete a post (write==8) or a reply (write==16)
elseif(($write==8 || $write==16) && $no !="" && $password != "")
{
    // fetch the post
    $query = "select * from Dora_Board where no='" . $no . "'";
    @$result = mysql_query($query, $Dora_DB);
    @$data = mysql_fetch_array($result);

    // delete the post only if the password matches and it has no replies
    // (parentheses added: without them the "0" test alone satisfied the condition)
    if($write==8 && $data[3] == crypt($password, '씨앗키워드') && ($data[7] == "" || $data[7] == "0"))
    {
        $query = "delete from `Dora_Board` where `no` = '" . $no . "'";
        @$result = mysql_query($query, $Dora_DB);
    }

    // delete a reply
    elseif($write==16 && $ro != "")
    {
        // fetch the reply
        $query = "select * from Dora_Reply where no='" . $ro . "'";
        @$result = mysql_query($query, $Dora_DB);
        @$data_r = mysql_fetch_array($result);

        // delete only if the password matches
        if($data_r[3] == crypt($password, '씨앗 키워드'))
        {
            $query = "delete from `Dora_Reply` where `no` = '" . $ro . "'";
            @$result = mysql_query($query, $Dora_DB);

            // lower the reply count on the post
            $data[7] = $data[7] -1;
            $query = "update `Dora_Board` set `Reply` = '" . $data[7] . "' where `no` = '" . $no . "' Limit 1";
            @$result = mysql_query($query, $Dora_DB);
        }
    }
}

include("./board.php"); // continue with board.php

?>
dajava,

Mar 6 '07 #6

dajava wrote:
> $query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
> `Password`, `Contents`, `Date`, `Ip`) ";
> $query = $query . "VALUES ('" . (string)$title . "', '" .
> (string)$writer . "', '" . (string)$password . "', ";
> $query = $query . "'" . (string)$contents . "', '" . (string)
> $date . "', '" . (string)$ip . "')";

As I said -- mysql_real_escape_string(). Replace the above with:

$query = sprintf("INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_escape_string($title),
mysql_real_escape_string($writer),
mysql_real_escape_string($password),
mysql_real_escape_string($contents),
mysql_real_escape_string($date),
mysql_real_escape_string($ip));

There are several other chunks of code that need rewriting similarly, but
that should fix the immediate problem.

If you don't fix these problems your site is open to being cracked by
nasty people. Yes, really.

Google: mysql_real_escape_string.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 6 '07 #7

Hi,

I received an e-mail from him a moment ago.
He fixed the ' problem based on your advice.

Two comments of mine:
1.
mysql_real_escape_string is not part of PHP 4.0
Therefore, he did some research on the internet
and found out that it is part of PHP 4.3.
2. He just used your code,
he doesn't know the rationale behind mysql_real_escape_string. Lol...

I would like to thank Erwin and Tony for helping my friend.

dajava,

Mar 11 '07 #8

dajava wrote:
> he doesn't know the rationale behind mysql_real_escape_string.

The rationale is thus:

The apostrophe character (') has a special meaning in SQL in that it
delimits (i.e. marks the beginning and end of) text. For example:

UPDATE my_table SET my_col='Hello World!';

Now, imagine that your text contains an apostrophe:

UPDATE my_table SET my_col='It's Raining Men';

Because the apostrophe is used to mark the end of some text, the above is
interpreted by the SQL engine as:

UPDATE my_table SET my_col='It'

with some spurious text after it.

mysql_real_escape_string(), and equivalent functions for other databases,
is used to encode the apostrophes (and other special characters) to make
them safe to use in SQL.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 11 '07 #9
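
The INSERT from this thread written with bound parameters instead of escaping, as an added example that is not part of the thread. It uses PDO (the mysql_* functions used above were removed in PHP 7) against an in-memory SQLite database; the function names and the sample post are constructed.

```php
<?php
// Added example. Table and columns follow the Dora_Board code in the thread;
// the in-memory SQLite database, function names and sample post are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Dora_Board (Title TEXT, Writer TEXT, Password TEXT,
    Contents TEXT, Date TEXT, Ip TEXT)');

// The pattern from the thread: values pasted straight into the SQL text.
function insert_concatenated(PDO $db, array $p): bool
{
    $sql = "INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip) "
         . "VALUES ('{$p['title']}', '{$p['writer']}', '{$p['password']}', "
         . "'{$p['contents']}', '{$p['date']}', '{$p['ip']}')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        // The thread's code hid this failure behind the @ operator.
        error_log('insert failed: ' . $e->getMessage());
        return false;
    }
}

// Placeholders: each value is bound to a placeholder instead of being
// pasted into the SQL text, so quotes in the data cannot end a string.
function insert_prepared(PDO $db, array $p): bool
{
    $stmt = $db->prepare(
        'INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
         VALUES (:title, :writer, :password, :contents, :date, :ip)'
    );
    return $stmt->execute($p);
}

// Constructed sample post containing the apostrophe from the question.
$post = [
    'title' => 'Test', 'writer' => 'dajava', 'password' => 'constructed-hash',
    'contents' => "I can't do that", 'date' => '2007-03-06', 'ip' => '192.0.2.10',
];

var_dump(insert_concatenated($db, $post)); // the apostrophe malforms the statement
var_dump(insert_prepared($db, $post));     // the same post through placeholders
var_dump($db->query('SELECT Contents FROM Dora_Board')->fetchColumn());
```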

dajava wrote:
> mysql_real_escape_string is not part of PHP 4.0
> Therefore, he did some research on the internet
> and found out that it is part of PHP 4.3.

I believe there is an older mysql_escape_string() in some versions of PHP.

Also, for many purposes the addslashes() function will suffice, and that's
been part of PHP for many moons.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 11 '07 #10
