SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    Can we go to a 48 hour day?
    Join Date
    May 2002
    Location
    MI
    Posts
    906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    please help me get these slashes taken care of

    ok, I have a field in the db and a text field for the title. I user the following regexp to check the characters
    PHP Code:
    if (!ereg('^[a-zA-Z0-9.:\'\" ]+$'$title)) 
    That works great. The trouble I have is that the site is hosted and I cannot turn off magic_quotes. So if I do nothing else with the text and it has a " in it it goes into the database fine. The trouble comes when I want to allow the user to edit it.

    I just pull out the value and use
    PHP Code:
     value="<?php echo($abstract->title); ?>">
    for the text box to show the current value and allow the user to edit. I do not do any add or strip slashes up to this point now have I anywhere else.

    The problem is that if I end the title in " they don't show up in the text field. It seems like it is ending the form field early and it is not escaped.

    The title is this test value: here is an: 'idea"
    and if I leave it like that what I get in the text box is here is an: 'idea
    So I thought I would try addslashes to excape the double quote at the end...that only left me with... here is an: \\\'idea\\\

    Does anyone know how I can get this to work right. I cannot change the magic_quotes so I need to work on it manually I guess. I just am not sure if I should be trying to put in quotes somehow before I enter the data in the database, after I pull it out or what...

    Thanks for the help. I am running out of hair to pull out.
    mitechie.com
    "Techies just think a little differently
    ...at least that is what they keep telling me."

  2. #2
    ********* Genius Mike's Avatar
    Join Date
    Apr 2001
    Location
    Canada
    Posts
    5,458
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Even if you don't have access to the php.ini file, they should allow .htaccess files, almost all hosts do.

    Enter this in your .htaccess file:

    php_flag magic_quotes_gpc off
    Mike
    It's not who I am underneath, but what I do that defines me.

  3. #3
    Can we go to a 48 hour day?
    Join Date
    May 2002
    Location
    MI
    Posts
    906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    would I have to do that for each directory?
    mitechie.com
    "Techies just think a little differently
    ...at least that is what they keep telling me."

  4. #4
    ********* Genius Mike's Avatar
    Join Date
    Apr 2001
    Location
    Canada
    Posts
    5,458
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    no, just the main one.
    Mike
    It's not who I am underneath, but what I do that defines me.

  5. #5
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this doesn't sound like a magic_quotes or addslashes() issue, but an HTML one. where you put the value in the form, use htmlspecialchars():

    PHP Code:
    value="<?php echo htmlspecialchars($abstract->title); ?>">
    - Matt ** Ignore old signature for now... **
    Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
    "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

  6. #6
    Can we go to a 48 hour day?
    Join Date
    May 2002
    Location
    MI
    Posts
    906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I ended up useing an ereg_replce to replace the quotes with &quot; and single quotes with &#38;

    The problem I had using htmlspecialchar was that if I pulled up the text a second time after an initial edit it would conver the & in &quot to &amp and then I would not get the quot in the text box. So I had to use the ereg_replace to ONLY replace quotes and not the rest of the things that htmlspecialchar catches.
    mitechie.com
    "Techies just think a little differently
    ...at least that is what they keep telling me."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •