punctuation...

damascusdesign

it seems that the majority of my problems are coming through as a result of punctuation.

i think that when i'm adding a new record and it includes either " or ' it messes up the script somehow.

i was wondering if there was a way around this - or if i need to get my users to type without that kind of punctuation.

thanks

DeltaRho2K

Take a look at the php manual for the following two functions:
addslashes() and stripslashes()

damascusdesign

wonderful.

it all makes sense now - it's just going to take me a while to figure out how to make that all work. i need to read the manual.

thanks a bunch!

DeltaRho2K

The best thing to do is to combine the functions...
Basically, what it does is find all of those backslashes, doublequotes and single quotes, and adds slashes. Then it goes and removes the slashes, so the symbols themselves stay intact.
Otherwise, php can and will screw up when parsing the strings, because of how php interprets what a quote is and is for...

If you start dealing with HTML characters, then go back into the manual and look at htmlspecialchars()

<?

$messy = "This ain't goin' into my DB right, and it ain't comin' out right.";

$cleaned = stripslashes(addslashes($messy));

echo $cleaned;

// Output:  This ain't goin' into my DB right, and it ain't comin' out right.
?>

laserlight

Actually, that is not very efficient.

If magic_quotes_gpc is set to 1, incoming variables would already be escaped.
As such, you dont need to use addslashes().

I suggest

//for storage to database
function prepIn($input) {
	$input = trim($input);
	if (!get_magic_quotes_gpc()) {
		return addslashes($input);
	}
	return $input;
}

//for o/p to html page, textbox or textarea
function prepOut($output) {
	$output = stripslashes($output);
	return htmlspecialchars($output);
}

as possible methods to deal with this.

In your example DeltaRho2K, there is no difference.
stripslashes() should not be used at all.
rather, it should only be used when retrieving from the database.

DeltaRho2K

I stand upgraded 😉 Thank you for showing me the laserlight...

damascusdesign

i spent all last night with the addslashes() function and it was giving me all kinds of grief.

this is way easier!

thanks

damascusdesign

i'm still quite the novice here and realize that this may be a question i shouldn't ask - but i'll go ahead and ask it anyway...

where do i put that statement?

do the variables you used $output & $input need to be replaced with the variables i'm sending to my database?

thanks...