Passing variable containing inverted commas (")?

rupertbj

Ok, I have the following in a php script:

							<a href=\"#\" onClick=\"window.open('display.php?fupload=$fupload&name=$name&materials=$materials&status=$status&size=$size')\"><img src=\"/images/archive/$tupload\"></a>

Now how do I deal with the variable size where entries are like: 20" x 20" (i.e. they have exclamation marks in them).

stolzyboy

check out

http://www.php.net/urlencode

and

http://www.php.net/urldecode

rupertbj

This is the script I am using, but how do i escape the quotation marks? I have read and tried out urlenconde / urldecode to no avail. Is there a simpler solution to make the script ignore the quotation marks within the variable?

        <?php
		$db = "gallery";
		$link = mysql_connect( "user", "pass" );
		if ( !$link ) die( "Couldn't connect to MySQL".mysql_error() );
		mysql_select_db( $db, $link ) or die( "Couldn't open $db: ".mysql_error() );
		$sql = "SELECT * FROM galleryTable WHERE tour = '$page' ORDER BY id DESC";
		$result = mysql_query( $sql, $link );
		while ( $newArray = mysql_fetch_array($result) )
			{
			$id = $newArray['id'];
			$status = $newArray['status'];
			$name = $newArray['name'];
			$materials = $newArray['materials'];
			$size = $newArray['size'];
			$fupload = $newArray['fupload'];
			$tupload = $newArray['tupload'];
			print "
				<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
					<tr>
						<td valign=top width=\"40%\">
							<a href=\"display.php?fupload=$fupload&name=$name&materials=$materials&status=$status&size=$size\"><img src=\"/images/archive/$tupload\"></a>
						</td>
						<td valign=bottom width=\"60%\"><p class=smalltext>$name<br>$materials<br>$size<br>$status</p></td>
					</tr>
				</table><hr noshade color=#000000>
			";
			}
		mysql_close( $link );
		?>

stolzyboy

oh escape quotes when someone inputs them like in this "forum"

check out

http://www.php.net/stripslashes

and

http://www.php.net/addslashes

and

http://www.php.net/htmlspecialchars

rupertbj

Thanks - htmlspecialchars works a treat:

        <?php
		$db = "gallery";
		$link = mysql_connect( "user", "pass" );
		if ( !$link ) die( "Couldn't connect to MySQL".mysql_error() );
		mysql_select_db( $db, $link ) or die( "Couldn't open $db: ".mysql_error() );
		$sql = "SELECT * FROM galleryTable WHERE tour = '$page' ORDER BY id DESC";
		$result = mysql_query( $sql, $link );
		while ( $newArray = mysql_fetch_array($result) )
			{
			$id = $newArray['id'];
			$status = $newArray['status'];
			$name = $newArray['name'];
			$materials = $newArray['materials'];
			$size = $newArray['size'];
			$size = htmlspecialchars($size); 
			$fupload = $newArray['fupload'];
			$tupload = $newArray['tupload'];
			print "
				<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
					<tr>
						<td valign=top width=\"40%\">
							<a href=\"display.php?fupload=$fupload&name=$name&materials=$materials&status=$status&size=$size\"><img src=\"/images/archive/$tupload\"></a>
						</td>
						<td valign=bottom width=\"60%\"><p class=smalltext>$name<br>$materials<br>$size<br>$status</p></td>
					</tr>
				</table><hr noshade color=#000000>
			";
			}
		mysql_close( $link );
		?>

and i used stripslashes to escape the slashes that exist in the page that the link called:

<?php $size = stripslashes($size); print " $size "; ?>