Problem with '

Anon

I have run into a problem that I cannot seem to make work right. Here is my code:

It's pulling the variable $product_name from a database. The problem is that the value is Burt's Bees which has an apostrophe in it. The computer thinks that I am wanting to close the value='$product_name' tag with the ' in the brand name.

When I read it into my form for editing, it displays [Burt] instead of [Burt's Bees].

I know I could change the ' to or something when reading it in, but the customer won't know why it's now Burts Bees.

Any ideas?

Thanks!!

cordex

Change ' to \'
addslashes() should do the trick.

Anon

Dosn't work - now I get Burt\ instead of Burt's Bees. It still takes the ' as the end of my tag.

Seth

Anon

I think it might depend on the database that you are using but you could try to convert the ' to ''. You can use a simple str_replace() to do this when you are storing it into the database. Then when you read from the database it should work. (This works for me and I am using MSSQL 2000)

example:

$thing = str_replace("'", "''",$thing);
store $thing into the database

Keith

Anon

Ok, it works fine when I am simply displaying the data - that's no problem - it's when I am reading the data in as a value in an <input type='text' value='$product_name' name='product_name'> form.

Seth

toma42

That's because you're making the beginner html coders mistake of using ' around html properties instead of "

change them to "$product_name" but do a
htmlspecialchars($product_name) first.

Anon

#1 - I'm FAR from a beginner HTML coder thank you - with several years behind me

#2 - PHP requires the use of ' because PHP is using the " so when I put:

echo "<input type="text">"; it will not let me do it. I have to put:

echo "<input type='text'>";

bfinucan

Hello,
You can fix that with escaped quotes:

type=\"text\"

For the other problem, htmlspecialchars() may do the trick, but then your form may urlencode those characters (even more of a problem). Try it out of course.

toma42

re #1, I thought that may be the case but my previous post is correct.

#2. No. there are many ways to display them in php. Escaping them as in \" as Brandon pointed out is one, using heredocs is another, using templates, however, is the best way.

So, here is your code written out for you:

$somevalue = htmlspecialchars($somevalue);
echo "<input value=\"$somevalue\">";

However, as I said, templates are much better. Using Smarty (http://www.phpinsider.com/php/code/Smarty/docs/) this could be:

PHP:
<?
$t = new Smarty;
$t -> assign ('somevalue', $somevalue);
$t -> display('mypage.html');
?>

HTML: