Escape quotes/strip slashes. - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Escape quotes/strip slashes. (/showthread.php?tid=15437) |
Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] My insert code isnt stripping quotes and adding slashes, so when a user adds data with quotes, it breaks my application. So Im not sure what I need to do to make this work. here is my insert code: Code: function insert_park() Any help would be greatly appreciated! Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]xzela[/eluser] Try using an array and see if that helps: Code: function insert_park() { Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] It seems to be storing it correctly in the database, but Im having trouble when I output the data here: Any thoughts? <?php echo "var infoHTML = '<a >park_id."\">".$row->park_name."</a><br>".$row->park_city.",".$row->park_state."';"."\n";?> It seems to get confused with the single quotes, and see's the single quotation in the name of the park as the closing one here. Hmm. Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]xzela[/eluser] I'll have to assume that you're throwing this into a javascript string. You should probably to use PHPs 'htmlspecialchars' method. try this: Code: <?php Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] Yes, Im using an echo statement to try to get it into a js function for google maps. It works, until there is a park name with single quotes. Is there a php function that will add a slash to any quotes it finds? Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]xzela[/eluser] yes, it's called addslashes(); hope this helps Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] I tried that, and it add's the slashes. But Im getting a conflict still. Basically, from that statement above - if the name has a single quote it - it conflicts with the string as a whole in single quotes and bugs out. Do you have any ideas of a way around that? You have been a great help so far Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]xzela[/eluser] Try this: Also, note that i removed the '\n' command as it is not needed at the moment. Code: <?php I don't know if this is going to work for what you need. But i tested it with a single quote and it appeared to work. Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] Excellent! I really appreciate the help on this. Let me see if I can make it work... Escape quotes/strip slashes. - El Forum - 02-04-2009 [eluser]jrutter[/eluser] I owe you a big thanks! With your help, I got it working! Thank you so much! Here is the code: Code: <?php $park_id = $row->park_id;?> |