ok, I have a field in the db and a text field for the title. I use the following regexp to check the characters
PHP Code:
if (!ereg('^[a-zA-Z0-9.:\'\" ]+$', $title))
That works great. The trouble I have is that the site is hosted and I cannot turn off magic_quotes. So if I do nothing else with the text and it has a " in it it goes into the database fine. The trouble comes when I want to allow the user to edit it.
I just pull out the value and use
PHP Code:
value="<?php echo($abstract->title); ?>">
for the text box to show the current value and allow the user to edit. I do not do any add or strip slashes up to this point, nor have I anywhere else.
The problem is that if I end the title in " they don't show up in the text field. It seems like it is ending the form field early and it is not escaped.
The title is this test value: here is an: 'idea"
and if I leave it like that what I get in the text box is here is an: 'idea
So I thought I would try addslashes to escape the double quote at the end...that only left me with... here is an: \\\'idea\\\
Does anyone know how I can get this to work right? I cannot change the magic_quotes so I need to work on it manually I guess. I just am not sure if I should be trying to put in quotes somehow before I enter the data in the database, after I pull it out or what...
Thanks for the help. I am running out of hair to pull out.
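An added example, not part of the original post: the unescaped `value="..."` output from the post beside a version that escapes for the HTML attribute context, with magic_quotes undone once at input time instead of adding more slashes. The helper names `undo_magic_quotes` and `attr` are hypothetical, and the sample input is constructed from the title quoted in the post.

```php
<?php
// Added example; helper names are hypothetical, sample data is constructed.

// Undo magic_quotes_gpc once, when the value arrives, so no stray
// backslashes are stored. $enabled can be forced for demonstration.
function undo_magic_quotes($value, $enabled = null)
{
    if ($enabled === null) {
        // get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard.
        $enabled = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }
    return $enabled ? stripslashes($value) : $value;
}

// Escape a value for use inside a quoted HTML attribute. ENT_QUOTES
// converts both " and ' to entities, so neither can close the attribute.
function attr($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: the title from the post, as magic_quotes_gpc
// would deliver it in $_POST (backslash before each quote).
$posted = addslashes("here is an: 'idea\"");

// Normalise once on input; this is the value to validate and store
// (using the database layer's own escaping for the query).
$title = undo_magic_quotes($posted, true);

// Before: the trailing " ends value="..." early, so the browser drops it.
// Any markup after a quote would also be parsed as HTML.
echo '<input type="text" name="title" value="' . $title . '">' . "\n";

// After: escaping happens at output time, for the attribute context.
echo '<input type="text" name="title" value="' . attr($title) . '">' . "\n";

// addslashes() is the wrong tool for HTML: backslash is not an escape
// character in attributes, and applying it to already-slashed input
// only multiplies the backslashes.
echo addslashes($posted) . "\n";
```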






