Is there such thing as too much text?

Dolemite50

Hello,

I have a site that allows song uploads and descriptions but I am running into an issue that I have been unable to resolve. It seems when people enter a long decription, the upload fails and it says that they did not enter a Band Name. If you enter a small description it works fine. I have the description field in mysql set to TEXT with no length/value set. I am thinking that the issue may also be being caused by people copy/pasting it from HTML pages but i have been unable to confirm it.

Any suggestions? Thank you.

Roger_Ramjet

If people are pasting html then you will need strip_tags() to clean out the html tags. (sorry I can't put the url fro strip_tags() in, the manual seems to be offline at the mo).

Dolemite50

Thanks again Roger!

Dolemite50

Hi, I have it narrowed down to when people use an apostrophe but I cant get it resolved. I tried this:

$lyrics = addslashes(strip_tags($lyrics));

But it doesn't work. If I remove the apostrophes from the lyrics it works fine. Is there anything else that I might be overlooking?

Thanks again.

Dolemite50

Could this because I have the mysql column set to TEXT and not VARCHAR?

Roger_Ramjet

No TEXT is just a big VARCHAR.

As to the apostrophe. Yes I can see that screwing up your query. What you need to do is to determine the correct escape sequence that you need and then decide upon your string quoting syntax in the php script. At the least you will need to double up the apostrophies if you want to keep them.

Dolemite50

Originally posted by Roger Ramjet
What you need to do is to determine the correct escape sequence that you need

I checked there, it looks like it would be addslashes but it's not working. Am I using the wrong one?

Thanks again for so much help.

Roger_Ramjet

Don't know a lot about addslashes, never needed it. Did you read the manual carefully.

First point: is your server set up to use ansi quotes

"If the server SQL mode has ANSI_QUOTES enabled, string literals can be quoted only with single quotes. A string quoted with double quotes will be interpreted as an identifier."

If yes, then your query must be using single quotes, so an apostrophe in the text means end-of-string. To overcome this use one of the replace functions to substitute in one of the following ways

There are several ways to include quotes within a string:

* A `'' inside a string quoted with `'' may be written as `'''.
* A `"' inside a string quoted with `"' may be written as `""'.
* You can precede the quote character with an escape character (`\').
* A `'' inside a string quoted with `"' needs no special treatment and need not be doubled or escaped. In the same way, `"' inside a string quoted with `'' needs no special treatment.

The following SELECT statements demonstrate how quoting and escaping work:

I've no idea what addslashes does. It may not even consider ' as a char that needs a slash.

Dolemite50

Arrgh, I dont get it. Apparently the addslashes() function should be adding a slash before the single quote so it matches what I need for your mysql link. It should be changing "that's" to "that\'s" but it isnt, or else it is but I'm still getting an error of some other sort. I'm sure that its the apostrophe causing it. If I enter the single worddon't into the lyrics, the script chokes. If I remove the apostrophe it works.

Roger_Ramjet

Like I said, forget the addslashes. Do a string replace and substitute it yourself, only use the double up technique: 'hel''lo'. Trail and error baby, trial and error.

Dolemite50

Well,

Here's where I've gotten. I found that using addslashes works perfect for making DON'T DON\'T, I didnt think it was working because when I was echoing the results, the slashes weren't showing up. When I looked closer I realized that they were not standard single quotes, but they look like specialized quotation marks. I'll try to paste an excerpt.

Too much ‘give and take’

So what the heck are those characters? Whatever they are, they seem to be breaking my code. I can't even figure out how to reproduce them on my keyboard.

Has anybody run into this?

Thanks.

Roger_Ramjet

Well, not seen them before but they are in the ASCII table. x91 and x92 so I guess that someone has used the hex code originally and then it is just being copy-pasted around.

Looks like you'll have to check for oddball chars if the users are doing this sort of input. Try the user notes here . There is a function there that use regular expression to backslash everything that is not a-z, A-Z, 0-9 . could be what you need.

Or treat it as binary data and store it in a Blob column.

PS. the reason I never use addslashes is that magic_quotes_gpc is on on my server, as it is on most, so adding slashes is automatic, don't need to do it myself. Check it out on your server, you probably don't ned to do it either.

laserlight

From what I've read, they sometimes come about when one uses say, MS Word to edit.
They arent part of ASCII, at least not the original ASCII (0x91 > 0x7F).

Dolemite50

Thanks alot you two.

Laser,

I am using a couple functions that you so graciously supplied to me a few months ago. Here they are:

	function prepIn($input) {
$input = trim($input); 
if (!get_magic_quotes_gpc()) { 
return addslashes($input); 
 } 
   return $input; 
} 


function prepOut($input) { 
   						 $input = stripslashes($input); 
return htmlspecialchars($input); 
						}

And they seem to have been working like a champ so far until the whole "pasting from a webpage" issues. Can you think of any way that those functions might be altered to prevent the issues that I am having now?

Thanks alot everybody.