How do I keep quotations in variable used with PHP string

Question

I am using a custom php query by submitting a custom search form. Everything works great except for if a string calls a name like O'Reilly, the search will come up with no results for O\'Reilly instead of O'Reilly. I am using the following to call the variable:

$fullname=trim($_REQUEST["fullname"]);

and this is my php header

 header("Location: http://example.com/results?patientid=$patientid&fullname=$fullname&date=$date");

That will redirect to the search results page where I have the following code for the fullname:

             $patientid=trim($_REQUEST["patientid"]);
             $fullname=trim($_REQUEST["fullname"]);
             $date=trim($_REQUEST["date"]);

Then I echo that and it comes up O/'Reilly with the slash in it and no results.

Should be O'Reilly

Answer 1

I fixed it by doing the following:

             $fullname=trim($_REQUEST["fullname"]);
             $fullname = stripslashes($fullname);

Answer 2

If Magic Quotes is On It automatically escapes incoming data to the PHP script. This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0. When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. magic_quotes_gpc Affects HTTP Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to on in PHP.

Answer 3

Uh, you definitely want to urlencode those...

header("Location: http://example.com/results?patientid=".urlencode($patientid)."&fullname=".urlencode($fullname)."&date=".urlencode($date));

But you know what's even better? http_build_query

var $query_string = http_build_query(array(
  "fullname" => $fullname,
  "patientid" => $patientid,
  "date" => $date
));

header("Location: http://example.com/results?{$query_string}");