Passing Variables <input type="hidden&quot

Anon

I have a strange problem, have no Idea where to look in manual for answer hope the gurus of PHP can help.

The Problem:

I am creating a 2 variables from a <input type="text">

**********form 1 create variables**************
<form ENCTYPE="multipart\form-data" method="post" action="form_test_2.php">
<input type="text" name="variable_1">
<input type="text" name="variable_2">
<input type="submit">

Once I press submit the created variables go to form 2, Inside of form 2 the variables are inserted into <input type="hidden"> for processing to final script
**********form 2 pass variables to final script for DB insert**************
<form ENCTYPE="multipart\form-data" method="post" action="test_update.php">
<input type="hidden" name="variable_1" value="<?echo variable_1?>">
<input type="hidden" name="variable_2" value="<? echo $variable_2?>">

In the final script PHP should INSERT these variables into the database via SQL

************final script*************
$variable_clean=stripslashes($variable_1);

mssql_query("INSERT INTO temp_approval (document_title, document_number)
VALUES ('$variable_clean', '$variable_2')
");

*****************conclusion************

everything works fine unless the variable contains quotation marks "", If the variable contains these quotes the database inserts empty value into the data field in the DB

**************specs*****************
I am using PHP 4.02, MSSQL Server 7.0

Whats the problem?

Thanks

Anon

Try:

Anon

If you view the html source of form 2, is the variable still there ?

Is the mysql_query() inside a function, because if it is you should use the global statement.

Is your database field of the right type , maybe your trying to insert a string type into an integer field or something...

btw you forgot the $ in the second form <?echo variable_1?> should be <?echo $variable_1?>

Anon

I believe you have to use
addslashes($variable);
this adds back slashes before " marks in the string.

According to the PHP documentation the 'addslashes' functino does the following:

"Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash () and NUL (the null byte)."
This should help.

-Dave

seidel

The solution is as folows if you pass via <input type="hidden"> you have to use the urlencode() function inside the hidden field

after you pass you have to use urldecode(variable) before INSERTING, or you will insert a encoded $string like this %bgb%hj%jkj%jkj%

Thought you would all like to know, I spent 4 hours testing every string function and this is the best way to do it(unless you can show prove me wrong 🙂