SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Zealot dragonfly7's Avatar
    Join Date
    May 2003
    Location
    ontario
    Posts
    156
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy Apostrophe from database stopping javascript!?!

    Hello - we had someone write this script for us a few years ago and we thought it was working fine until this week. It uses javascript to generate a dependant drop down menu eg. Depending on what the user chooses in the first drop down menu, (in this case a manual/book title) the second drop down displays the chapter/category headings that are available within that manual and then the users uploads a file that appears under that heading.

    If our user adds a chapter/category heading with an apostrophe in it the script quits and the second drop down does not display the corresponding chapter headings.

    We are storing the info in a mysql database and use php and javascript to extract the data/build the drop down menus.

    Here is the javascript code:
    [code]
    $query = "SELECT * from manuals order by manual";
    $result = mysql_query ($query);

    echo "<SCRIPT LANGUAGE='JavaScript'>";

    while($row=mysql_fetch_array($result))
    {
    echo "\nvar arr".$row['mid']."Array = new Array(\"('Select Chapter')\",";
    $result1=mysql_query("select * from manuals_category Where mid='".$row['mid']."' order by display, category ASC");
    $num=mysql_num_rows($result1);
    $i=0;
    while($row1=mysql_fetch_array($result1))
    {

    $i++;
    echo "\n\"('". $row1['category'] . "'," . $row1['mcid'];
    if($i<$num) echo ")\",";
    else echo ")\")";
    }
    }

    $query = "SELECT * from manuals_subsets order by subset";
    $result=mysql_query($query);

    while($row=mysql_fetch_array($result))
    {
    echo "\nvar arr".$row['msid']."Array = new Array(\"('Select Chapter Heading')\",";

    $result1=mysql_query("select * from manuals_category Where msid='".$row['msid']."' order by display, category ASC");
    $num=mysql_num_rows($result1);
    $i=0;
    while($row1=mysql_fetch_array($result1))
    {
    $i++;
    if ($row1['mcid'] == $category)
    {
    echo "\n\"('". $row1['category'] . "'," . $row1['mcid'] . ",true,true";
    }
    else
    {
    echo "\n\"('". $row1['category']. "'," .$row1['mcid'];
    }
    if($i<$num) echo ")\",";
    else echo ")\")";
    }
    }

    echo "
    function populateList(inForm,selected)
    {
    var selectedArray = eval(selected + \"Array\");
    while (selectedArray.length < inForm.category.options.length)
    inForm.category.options[(inForm.category.options.length - 1)] = null;

    for (var i=0; i < selectedArray.length; i++)
    {
    eval(\"inForm.category.options[i]=\" + \"new Option\" + selectedArray[i]);
    }
    }";

    echo "</script>";

    [ /code]

    Here is the php code that generates the 2nd select menu with the chapter headings:

    PHP Code:
    <select name="category">
        <option value=''>Select Table of Contents Heading</option>
        
    <?
        
    if ($manuals 0)
        {
            
    $result1=mysql_query("select * from manuals_category Where mid='" $manuals "'");    

            if (
    $manuals >= 1000)
            {
                
    $result1=mysql_query("select * from manuals_category Where msid='" $manuals "'");
            }
        
            while(
    $row1=mysql_fetch_array($result1))        
            {
                if (
    $row1['mcid'] == $category)
                {
                    echo 
    "<option value=" .stripslashes($row1['mcid']) . " selected>" stripslashes($row1['category']);
                }
                else
                {
                    echo 
    "<option value=" .stripslashes($row1['mcid']) . ">" .stripslashes($row1['category']);
                }
            }    
        }
    ?>    
    </select>
    We tried to use the addslashes and stripslashes php functions but can't get them to work, we also tried adding \' into the chapter title record in the database (eg. Chapter one - O\'Malleys Journey) to see if that would work but had no luck with that either.

    Can anyone help? We can post the entire script if someone wants more info.
    Thanks!

  2. #2
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,343
    Mentioned
    192 Post(s)
    Tagged
    4 Thread(s)

    Javascript will see apostrophe as a closing quote

    You could replace the apostrophe with
    HTML Code:
    & # 39 ;
    (apersand pound 39 semicolon) {eliminate the spaces I added for the forum software to display it properly}
    But I am not sure that will display as expected within a dropdown control.
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Git is for EVERYONE
    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains

  3. #3
    SitePoint Zealot dragonfly7's Avatar
    Join Date
    May 2003
    Location
    ontario
    Posts
    156
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the suggestion, we tried it and the drop down functioned properly but the text in the menu appeared as apersand pound 39 semicolon rather than an apostrophe which isn't really user friendly.

    Because our client is entering the data we need to find a way to automatically replace the apostrophe or escape it automatically as we can't really ask them to type in apersand pound 39 semicolon every time they want to use an apostrophe

    We have used the addslashes function in php and it solved this problem but with the added javascript in this code it seems to be more difficult.

    Any other ideas?

  4. #4
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,343
    Mentioned
    192 Post(s)
    Tagged
    4 Thread(s)
    It appears you have only one choice:
    Use Javascript validation to modify the text before it is submitted to the database; replacing all apostrophes with some unique sequence of characters.
    That means, also, your PHP will need to 'decode' the data as it comes out of the database.
    Can you impose a rule on your users to NOT use that character? Javascript validation could enforce the rule.
    There may be another solutions and I hope someone else will speak up on this thread.
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Git is for EVERYONE
    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •