Quotes, Passing Fields Problem

Anon

I have an application that takes values from the user in text fields and passes them to the next page, which passes them in hidden fields to a final page where these values are mailed off.

The problem I'm encountering is it seems every time I try and pass the values to the third page, if any of the values have any combination of single or double quotes it screws up the whole value. In fact, even the second page if I change the hidden to text field it shows the value up to the quotation mark and the rest is missing. How can I pass the whole value when it contains quotes? I've tried every combination of addslashes() stripslashes() and everything (at least I think I've tried everything 🙂

Thanks in advance,
Ben

Anon

I'm not quite sure I understand you. But I hope I can shed some light on the issue. I assume you're tried parsing the quotes to ascci values (ie. "&#034"). Also, if you're using the get or post methods you wont need (and shouldn't use) quotes to define the text. Just use a "+" where the spaces are.

cyberfiche

Anon

mmm - not sure on either parsing into ascii or what you mean by + in the spaces... could you give me more details on those methods?

Thanks!
Ben

Anon

I have several scripts that follow the same logic as yours. What I do is create a function called cleanup:

function cleanup ($arg) {
foreach ($arg as $key => $value) {
$value = strip_tags ($value);
$value = stripslashes ($value);
$value = htmlspecialchars ($value);
$value = trim ($value);
$arg[$key] = $value;
}
return $arg;
}

clean takes any array as it's argument ($arg) and cleans it up for display and reinsertion into hidden form fields. I just run cleanup() right before I need to output any submitted data:

$POST = cleanup ($POST);

one of the lines in cleanup is htmlspecialchars which turns all double quotes into " so it will display properly.

Anon

sure ...
For parsing into ascci you'll want to use some sort of regular expresion. I'm not sure of the exact function or the syntax, but look under "ereg" or "regular expressions" in the manual. with the function you'll be able to swap the quote for another sting value. In this case you'll swap it for &#034. When the browser reads the ampersand, it'll transform the text right after it. The pound symbol then tells the browser to convert the following number to its ascci symbol (which is the quote). If you don't want to have visible quotes in the final string, you can leave them out all together. The GET method in a form shows this nicely. Let's say you have a couple of text boxes, for example. We'll name one FOO and the other BAR. You enter the value of "snafu" (without the quotes) in the the FOO box and "this is a text box" into the BAR box. When you submit the form, a single string containing all the text box names and values is sent to the next page. That string in this case will be "FOO=snafoo&BAR=this+is+a+text+box" (The quotes are not sent.) On some browsers, quotes in this string can throw things off. Make sure the values in the hidden fields on the second page don't contain quotes. If they do, use JavaScript to convert them to HTML ascci format. (It's about the same as in php.)

cyberfiche