hii,
I am storing form data into database and later i gve admin the option of editing the content of it by means of a form ..there is a small problem with ' .ie when ever there is a date like test's in database....while fetching its fetches properly but while displaying its giving a prob like it just prints test and nothing after it the ' is giving a prob.
this is the php command ...any change needs to be make here
[PHP]print("<td><input name='Description' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
this displays only test
but if i give print_r($test[$nr][Description]);
its displays full test's
wht changes need to be made in print statement..
Thanks,
pradeep
6 1248 dlite922 1,584
Recognized Expert Top Contributor
hii,
I am storing form data into database and later i gve admin the option of editing the content of it by means of a form ..there is a small problem with ' .ie when ever there is a date like test's in database....while fetching its fetches properly but while displaying its giving a prob like it just prints test and nothing after it the ' is giving a prob.
this is the php command ...any change needs to be make here
[PHP]print("<td><input name='Description' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
this displays only test
but if i give print_r($test[$nr][Description]);
its displays full test's
wht changes need to be made in print statement..
Thanks,
pradeep
MySQL will always return what you query it at. What you gave us, was not MySQL but the PHP code to display the result.
What's your query?
But that's besides the point, You INSERTION into the database is wrong.
Please use mysql_real_escape_string() function on all variables before inserting them into the MySQL database. (If MySQL is what you're using)
Let us know,
Dan
Hey in database its storing properly ..but while displaying its not displaying.this is the display command.
[PHP]print("<td><input name='Description' type=text size=80 value='" . $test[$nr][Description] . "'></td>");[/PHP]
in this its giving problem..
thanks,
Pradeep
Atli 5,058
Recognized Expert Expert
The problem there is that you are creating invalid HTML output.
That is, consider this: -
<?php
-
$string = "Test's";
-
echo "<input type='text' value='$string' />";
-
-
# Produces:
-
# <input type='text' value='Test's' />
-
?>
-
As you see, the apostrophe in Test's is causing the value of the "value" parameter to close early, leaving s' outside it. *Luckily* most browsers will recover from this syntax error and only show "Test".
What you need to do is escape the extra apostrophe, so the browser will know it is not meant to close the string. -
<?php
-
$string = str_replace("'", "\\'", "Test's");
-
echo "<input type='text' value='$string' />";
-
-
# Produces:
-
# <input type='text' value='Test\'s' />
-
?>
-
Which should be rendered correctly by the browser.
Is there any other way of doing it bcos my lot many forms are running and i need to do it faster..
try to output the value using htmlentities() and the ENT_QUOTES param.
[php]
<?php
echo '<input name="foo" type="text" value="',htmlentities($str, ENT_QUOTES),'" />';
?>
[/php]
also look at htmlspecialchars(), it may help.
thanks a lot both of them work fine..
[PHP]<?php
function htmlspecialchars_array($arr = array()) {
$rs = array();
while(list($key,$val) = each($arr)) {
if(is_array($val)) {
$rs[$key] = htmlspecialchars_array($val);
}
else {
$rs[$key] = htmlspecialchars($val, ENT_QUOTES);
}
}
return $rs;
}
$test=htmlspecialchars_array($test);
?>
[/PHP]
i used this script so tht it checks at the beginning!!!!..
thanks
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Dave Moore |
last post by:
Hi All,
Can anybody point me to a FAQ or similar that describes what all this
stuff is about please?. I'm interfacing with a MySQL database if that's
relavent. I've read a couple of books which...
|
by: Aloysio Figueiredo |
last post by:
I need to replace every ocurrence of '/' in s by '\/'
in order to create a file named s. My first attempt
was:
s = '\/'.join(s.split('/'))
but it doesn't work:
>>> s = 'a/b'
>>> s =...
|
by: felciano |
last post by:
Hi --
I am trying to use the csv module to parse a column of values
containing comma-delimited values with unusual escaping:
AAA, BBB, CCC (some text, right here), DDD
I want this to come...
|
by: bobbyballgame |
last post by:
I am having a problem calling Stored Procedures:
....
dim MyValue, MyOtherValue
MyValue = "Bobby's value"
MyOtherValue = Bobby's other value"
rs.Open "exec MyStoredProc """ & MyValue &...
|
by: Joe Price |
last post by:
Hi all
I've formatted one of my xml files for viewing through a web browser
using xsl.
It works fine in Internet Explorer, however when I use Netscape6 or
Opera to view the same page the...
| |
by: Geoff Caplan |
last post by:
Hi folks,
The thread on injection attacks was very instructive, but seemed to
run out of steam at an interesting point. Now you guys have kindly
educated me about the real nature of the issues,...
|
by: Jon |
last post by:
Hi,
I used XslCompiledTransform with the following Xsl file. The <xsl:text
disable-output-escaping="yes"does not work when using XslCompiledTransform
to do the trnasform (namely the output...
|
by: Taras_96 |
last post by:
Hi everyone,
I'm having a bit of trouble understanding the purpose of escaping
nulls, and the use of addcslashes.
Firstly, the manual states that:
"Strictly speaking, MySQL requires only...
|
by: David Henderson |
last post by:
I know 'disable-output-escaping' has been discussed in the past, but I can't
put my finger on any of the threads to see if my current problem is
addressed. Sorry for re-asking the question if it...
|
by: C C++ C++ |
last post by:
what is an escaping variable?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |