"double quotes" 2

[Kendel]

Hi Everyone,

I'm not really familiar with PHP at all but I have to work with 1 PHP page that will send info to my ASP site.

When info is upload to this page, all the "quotes" are lost. In ASP I can do something like:

Replace(date,"""","''&quot to keep the quotes. Is there any equivalent function in PHP?

Thanks.

 

[sleipnir214]

The code you've posted looks like it exchanges a set of two double quotes for a set of two single quotes. Is this right?

What, exactly, are you trying to do?

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Kendel]

Thanks for your quick response.

Here is what I want to do:

For example, in value of 1 field in the database look like this: This is a "double quotes"

When this field is load into a text box, it becomes:
This is a

The "double quotes" part is lost.

 

[sleipnir214]

Yeah, your code is probably producing something like:

<input type=&quot;text&quot; value=&quot;This is a &quot;double quotes&quot;>

The browser interprets the first quote in the string as the end of the value string.

I wouldn't replace the double quotes with single quotes -- you'll lose information. For example, what if your string reads: Here's &quot;double quotes&quot;

In the case above, simply replacing double quotes with single quotes won't work. At the other end, which of the single quotes do you convert back to double quotes, and which do you not?

What you need to do is HTML encode your string. Take a look at the PHP function htmlspecialchars():

http://us3.php.net/manual/en/function.htmlspecialchars.php

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[davidpearce]

If you use \&quot; within a string PHP will replace the \&quot; with the single &quot; character. Alternatively HTML will replace &quot; with a single &quot; character.

You might find that by altering your code slightly you can make use of these conversions to insert double quotes characters:

<input type=&quot;text&quot; value=&quot;This is a &quot;double quotes&quot;&quot;>

You can even store the &quot; as part of the text in the database field.

 

[davidpearce]

Sorry I didn't preview my post - I'm new to this site!

HTML will convert

& quot;

(no spaces) to &quot;.

the input line should read

<input type=&quot;text&quot; value=&quot;This is a & quot;double quotes& quot;&quot;>
</code]

Again no spaces between the & and quot;

The page is displayed in HTML, so the [code]& quot;

code was converted into &quot;

 

[sleipnir214]

Hence the reason why I recommended use of PHP's htmlspecialchars() function.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[davidpearce]

fair enough - I was trying to get to the principle.

 

[Kendel]

Thanks guys but I don't want to hardcode the value of the textbox.

The Value of the textbox is set to the value of a field from a table in the database.

 

[davidpearce]

I suggest that you pass the db field through the htmlspecialchars() function something like this

$outstring = htmlspecialchars($dbrow["dbfield"], ENT_COMPAT);
echo $outstring;

ENT_COMPAT converts double quotes but not single quotes, other values are ENT_NOQUOTES (does not convert quotes) and ENT_QUOTES (converts both single and double quotes) to the HTML special characters. This function will also convert other &quot;problem&quot; characters: &quot;<&quot; &quot;>&quot; and &quot;&&quot;.

Alternatively pass the data through htmlspecialchars() before making up your INSERT query. This won't work if you are using an already established database.

 

[Kendel]

Thanks a bunch davidpearce. That's exactly what I need. Here is a star for you.

And a star for you too sleipnir214.