Welcome Guest, Not a member yet? Register   Sign In
Escape quotes/strip slashes.

My insert code isnt stripping quotes and adding slashes, so when a user adds data with quotes, it breaks my application. So Im not sure what I need to do to make this work.

here is my insert code:

function insert_park()
        $this->park_name   = $_POST['park_name'];
        $this->park_description   = $_POST['park_description'];
        $this->park_website   = $_POST['park_website'];
        $this->park_addr1   = $_POST['park_addr1'];
        $this->park_city   = $_POST['park_city'];
        $this->park_state   = $_POST['park_state'];
        $this->park_zip   = $_POST['park_zip'];
        $this->park_visible   = $_POST['park_visible'];
        $this->db->insert('parks_tbl', $this);

Any help would be greatly appreciated!

Try using an array and see if that helps:

function insert_park() {
  $fields = array();

  $fields['park_name'] = $_POST['park_name'];
  $fields['park_description '] = $_POST['park_description'];
  $fields['park_website'] = $_POST['park_website'];
  $fields['park_addr1'] = $_POST['park_addr1'];
  $fields['park_city'] = $_POST['park_city'];
  $fields['park_state'] = $_POST['park_state'];
  $fields['park_zip'] = $_POST['park_zip'];
  $fields['park_visible'] = $_POST['park_visible'];

  $this->db->insert('parks_tbl', $fields);

It seems to be storing it correctly in the database, but Im having trouble when I output the data here:

Any thoughts?

&lt;?php echo "var infoHTML = '<a >park_id."\">".$row->park_name."</a><br>".$row->park_city.",".$row->park_state."';"."\n";?&gt;

It seems to get confused with the single quotes, and see's the single quotation in the name of the park as the closing one here. Hmm.

I'll have to assume that you're throwing this into a javascript string. You should probably to use PHPs 'htmlspecialchars' method.

try this:
//fields that could have quotes
$park_name = htmlspecialchars($row->park_name);
$park_city = htmlspecialchars($row->park_city;
$park_state = htmlspecialchars($row->park_city);

Yes, Im using an echo statement to try to get it into a js function for google maps. It works, until there is a park name with single quotes. Is there a php function that will add a slash to any quotes it finds?

yes, it's called addslashes();

hope this helps

I tried that, and it add's the slashes. But Im getting a conflict still.

Basically, from that statement above - if the name has a single quote it - it conflicts with the string as a whole in single quotes and bugs out. Do you have any ideas of a way around that?

You have been a great help so far Smile

Try this:
Also, note that i removed the '\n' command as it is not needed at the moment.

    $park_id = $row->park_id;
    $park_name = $row->park_name;
    $park_city = $row->park_city;
    $park_state = $row->park_state;
    $string = "<a >" . $park_id . "/". $park_name . "</a><br>" . $park_city. "," . $park_state;
    $html_info = addslashes($string);
var htmlInfo = "&lt;?php echo $html_info; ?&gt;";

I don't know if this is going to work for what you need. But i tested it with a single quote and it appeared to work.

Excellent! I really appreciate the help on this. Let me see if I can make it work...

I owe you a big thanks! With your help, I got it working! Thank you so much!

Here is the code:

&lt;?php $park_id = $row->park_id;?&gt;
            &lt;?php $park_name = $row->park_name;?&gt;
            &lt;?php $park_city = $row->park_city;?&gt;
            &lt;?php $park_state = $row->park_state;?&gt;
            &lt;?php $park_lat = $row->park_latitude;?&gt;
            &lt;?php $park_long = $row->park_longitude;?&gt;
            &lt;?php $string = "<a >" . $park_name . "</a><br>" . $park_city. "," . $park_state; ?&gt;
            &lt;?php $infoHTML = addslashes($string); ?&gt;
        var infoHTML = "&lt;?php echo $infoHTML; ?&gt;";

Theme © iAndrew 2016 - Forum software by © MyBB