
Php Problem


6 replies to this topic

#1 heyman

heyman

    HR 3

  • Active Members
  • 53 posts

Posted 30 January 2005 - 06:29 PM

Hi everyone. I'm having an issue which I can't seem to get around. I built a website in which you can post a news article. After submitting the post it gets entered into the database and gets pulled dynamically on the page. I have an edit function so people can edit their content and spelling. On the edit page when I try to pull the title for example, if any words in the string have quotes around them, the string gets cut and I can't seem to pull the entire string. If I get rid of the quotes around any specific word it works fine. I tried a replace function but you can't have 1 set of quotes in the script. Please advise. Thanks

#2 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 30 January 2005 - 06:49 PM

This depends a bit upon the setup of your server and if magic_quotes is enabled or disabled. I'm going to assume from your question that magic_quotes is disabled.

Now I'm also assuming you want to maintain the quotes, so it's going to be a bit of a two-step process.

First you need to use addslashes so that stuff like the " and ' characters are escaped before dropping them in your database. So something like:
CODE
$string = addslashes($string);


That'll get the full text string into your database, with the additional backslashes to escape those characters that need it.

Then when retrieving the data back into a page, you'll want to strip those extra slashes back out of your string. So:
CODE
$string = stripslashes($string);


Or you could always just turn magic_quotes_gpc on and avoid all of that fun. Many PHP developers who have no idea where their code will end up set up little functions to test for magic quotes. But if you're designing for a single environment that shouldn't be needed.

#3 heyman

heyman

    HR 3

  • Active Members
  • PipPipPip
  • 53 posts

Posted 30 January 2005 - 07:30 PM

Thank you for the response. I did a phpinfo() test and found this about magic quotes.

magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off

I'm not sure what sybase is? But if magic quotes is on and this is still an issue, am I forced to use the addslashes function?

Thanks

#4 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 30 January 2005 - 09:17 PM

It's going to get complicated because there are different times you need to use each and other times that you won't want to or you'll end up double escaping characters. It gets even more complicated because some hosts disable the ini_set() feature. In that case even though mq_gpc is turned ON you would still need to use stripslashes() for superglobals.

The problem is that there are too many variables in the mix for me to give one stock answer. The best thing to do is test it on your server to see what works and what doesn't.

I'll link to the php.net pages for both for your reference, because basically they're a pain in the tush. Especially when you start considering different server and database configurations.

addslashes()
stripslashes()

Generally speaking, when magic_quotes_gpc is turned ON (as it is on most servers) you shouldn't need to use addslashes if you're doing a GET, POST or inserting data into a cookie. However you probably will need it to insert data into your database in order to make sure certain characters are escaped. If you don't, your db entry is likely going to get truncated, just as you've described.

In theory, you shouldn't have to stripslashes() when retrieving info from your database because gpc is already turned on. But that doesn't always turn out to be the case.

Given what you've described, I would first try addslashes() when inserting the info into your database, but don't stripslashes() when retrieving it. That should work with a typical setup that you've described and keep from using any extra processing power for something that isn't needed.

If it doesn't you'll know it right away when you echo the variable after retrieving it from your database.

#5 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 30 January 2005 - 09:18 PM

Oh, and if memory serves sybase relates to Oracle databases. But don't quote me on that. I'm old and it's Sunday evening here.

#6 heyman

heyman

    HR 3

  • Active Members
  • 53 posts

Posted 30 January 2005 - 09:25 PM

Randy thanks for your help, at least I have a direction to go in now.

#7 Ron Carnell

Ron Carnell

    HR 6

  • Moderator
  • 959 posts
  • Location:Michigan USA

Posted 31 January 2005 - 07:04 AM

Sybase is a RDBMS in the same ballpark as Oracle, but not otherwise related. It's essentially a competitor. It needs a separate PHP setting because, unlike other databases, it escapes with a single quote instead of a slash.
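
An added example, not code from any poster in this thread: one way to keep a quoted title intact from form input to database to edit form, assuming the edit page echoes the title into an input's value attribute and that PDO with the SQLite driver is available. The articles table, its columns and raw_input_value() are hypothetical names.

```php
<?php
// Added example; the table, column and function names are hypothetical.

// Undo magic_quotes_gpc escaping when the runtime still applies it.
// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0,
// hence the function_exists() guard; @ silences the PHP 7.4 deprecation notice.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Constructed sample input: a title containing both quote characters.
$title = raw_input_value('The "big" story: it\'s here');

// In-memory SQLite stands in for the site's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');

// Bound parameters: the driver handles quoting, so there is no addslashes()
// on the way in, no stripslashes() on the way out, and no double escaping.
$insert = $db->prepare('INSERT INTO articles (title) VALUES (:title)');
$insert->execute([':title' => $title]);

$select = $db->prepare('SELECT title FROM articles WHERE id = :id');
$select->execute([':id' => $db->lastInsertId()]);
$stored = $select->fetchColumn();

// Unencoded output: the first " in the title closes the value attribute early,
// so the form field is cut off even though the database row is complete.
$broken = '<input type="text" name="title" value="' . $stored . '">';

// Encoded for the HTML attribute context: quotes become entities, the whole
// title is displayed, and stored text cannot inject markup into the page.
$safe = '<input type="text" name="title" value="'
      . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '">';

echo $broken, "\n", $safe, "\n";
```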