input form save and display conflict

Re: input form save and display conflict

Ashley Sheridan wrote:
> On Thu, 2009-10-22 at 21:32 -0400, PJ wrote:
>> I have several input fields to update a book database. There seems to be
>> a conflict in the way tags and text are input through php/mysql and
>> phpMyAdmin. If I enter the data with phpMyAdmin the input fields in the
>> php page see quotation marks differently than what is input in phpMyAdmin.
>> example:
>> if the data is input through the update form, single quotes cause an
>> error. Double quotes update the db but when the edit(update) form
>> displays the text for modification outside the input field except for
>> the first part, precisely where the first quotation mark appears in the
>> text - as below:
>>
>> *Reviewed by Recipient:
>> blah, blah, blah...religion." _size="50" />_
>> The text in square brackets is displayed outside the input field and
>> includes part of the code at the end.
>> bold is within the field, the rest is outside and the underlined is part
>> of code.
>>
>> If the same text is entered with phpMyAdmin using single quotes and the
>> " characters, the display in the editing field shows correctly...
>> but it will not update, that is, the update query generates errors and
>> only accepts the double quotes within the tags.
>>
>> So, the question is, are there some kind of metacharacters to be used to
>> have mysql accept the " ? I have triee backslashing, forward slashing
>> and they don't do it.
>>
>> Or is there an encoding conflict here? It looks like a display and save
>> mismatch somewhere...
>>
>> below is another example:
>> >> href='http://www.amazon.com/exec/obidos/ASIN/0773468943/fran kiesbibliogo' > >> height=68 alt="Order This Book From Amazon.com"
>> src="../images/amazon1.gif" width=90 border=0 />
>>
>> The single quotes for the href seem to work. But the " does not work;
>> and using " or ’ also also do not display correctly; again,
>> from "Order... the image is not displayed but only the image blank with
>> "Order.. " in it.
>> I'm rather puzzled.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> Single quotes need to be escaped if you are using them as part of a
> query. For example:
>
> $query = "UPDATE table SET title='This is a title with \"quoted\"
> \'characters\''";
>
> Note that here, double quotes are used to encapsulate the whole query
> string (as it is generally preferred this way), the value of the title
> field is encapsulated in single quotes. Lastly, where I've wanted
> double quotes to be used in the query, I've escaped them with a
> back-slash. This escapes them from PHP, as mysql is using single
> quotes, so directly in the query they're fine. The single quotes are
> also escaped with back-slashes, but this time to escape them from
> mysql, as single quotes are used as the string delimiters there.

I've had a chance to think about the problem and I think this will fix it.
The edit page retieves the form input variable = commentIN and echos to
the browser. The problem is that the browser displays commentIN without
the the backslashes and that is what is then resubmitted if the submit
is execcuted (without the slashes).
Therefore, it seems to me, I must use preg_replace to add the \ to the
single quotes in the commentIN variable just before the update query...
My only question, then, is how do I do the preg_replace in the commentIN
.. Is it something like $commentIN = (act on $commentIN) or do I have to
do a $another_name = (preg_whatever, $commentIN and then reassign
$commentIn = $another_name ?
TIA.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php