Reputation:
Issue with Insert or Posting Data with single or double quotes
Still very new to mysqli / php and am building a form for data entry. When I post the data and then go back to view it, anytime there was a single quote (') or double-quote ("), it down displays with a slash in front of it.
For example, if I insert Hadrian's Wall, it comes back and displays as Hadrian\'s Wall. How would one have it display as it was originally intended.
Also, each time I update it, it adds more slashes. So the first time I updated Hadrian's Wall, it became Hadrian\'s Wall. The second time it became Hadrian\'s Wall, the third time it became Hadrian\\'s Wall and so on.
My post.php file code is:
<?php
define('DB_SERVER', "*****");
define('DB_USER', "*****");
define('DB_PASSWORD', "*****");
define('DB_TABLE', "*****");
// The procedural way
$mysqli = mysqli_connect(DB_SERVER, DB_USER, DB_PASSWORD, DB_TABLE);
$mysqli->set_charset("utf8");
$mysqli->query("SET NAMES 'utf8'");
if (mysqli_connect_errno($mysqli)) {
trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR);
}
$lvmID = $_POST['lvmID'];
$toestelID = $_POST['toestelID'];
$toestel = $_POST['toestel'];
$erlr = $_POST['erlr'];
$inschrijvingnmr = $_POST['inschrijvingnmr'];
$status = $_POST['status'];
$cn = $_POST['cn'];
$ln = $_POST['ln'];
$delivered = $_POST['delivered'];
$vliegtuignaam = $_POST['vliegtuignaam'];
$became = $_POST['became'];
$vorigeLVMID = $_POST['vorigeLVMID'];
$vorigeInschrijv = $_POST['vorigeInschrijv'];
$firstflight = $_POST['firstflight'];
$engines = $_POST['engines'];
$configuratie = $_POST['configuratie'];
$remark = $_POST['remark'];
$specialekleuren = $_POST['specialekleuren'];
$fleetnmr = $_POST['fleetnmr'];
$inactive = $_POST['inactive'];
$exitdate = $_POST['exitdate'];
$beeld = $_POST['beeld'];
$beeld_linkje = $_POST['beeld_linkje'];
$beeld_copyright = $_POST['beeld_copyright'];
$photouse_approve = $_POST['photouse_approve'];
$photouse_approve_date = $_POST['photouse_approve_date'];
$beeld_comment = $_POST['beeld_comment'];
$seatmap = $_POST['seatmap'];
$id = $_POST['id'];
$sql = "
UPDATE tbl_vliegtuiggegevens SET lvmID=?, toestelID=?, toestel=?, erlr=?, inschrijvingnmr=?, status=?, cn=?, ln=?, delivered=?, vliegtuignaam=?, became=?, vorigeLVMID=?, vorigeInschrijv=?, firstflight=?, engines=?, configuratie=?, remark=?, specialekleuren=?, fleetnmr=?, inactive=?, exitdate=?, beeld=?, beeld_linkje=?, beeld_copyright=?, photouse_approve=?, photouse_approve_date=?, beeld_comment=?, seatmap=? WHERE vliegtuiggegevenID=?";
if(!($stmt = $mysqli->prepare($sql)))
{
die("Unable to prepare statement");
}
else
{
$stmt->bind_param("iisssssssssisssssssissssssssi", $lvmID, $toestelID, $toestel, $erlr, $inschrijvingnmr, $status, $cn, $ln, $delivered, $vliegtuignaam, $became, $vorigeLVMID, $vorigeInschrijv, $firstflight, $engines, $configuratie, $remark, $specialekleuren, $fleetnmr, $inactive, $exitdate, $beeld, $beeld_linkje, $beeld_copyright, $photouse_approve, $photouse_approve_date, $beeld_comment, $seatmap, $id);
if($stmt->execute())
{
echo "Successfully updated";
}
else
{
die("Update failed");
}
}
mysqli_close($mysqli);
?>
On the form page that I use to enter the data, my code for one of the forms fields is:
<input type="text" name="vliegtuignaam" size="40" value="<? echo
"$row[vliegtuignaam]"?>">
On the display page, this same field for display would be:
<td><strong>Vliegtuignaam: </strong></td>
<td><? echo "$row[vliegtuignaam]"?></td>
When I try something like it just outputs stripslashes(Hadrian\'s Wall) instead of Hadrian's Wall.
Upvotes: 1
Views: 39
Answers (1)
Reputation: 74217
"When I try something like it just outputs stripslashes(Hadrian\'s Wall)"
What you probably tried to do was <td><? echo "stripslashes($row[vliegtuignaam])"?></td> which is incorrect.
That is why it's showing you the function name because the function is set inside quotes.
What you need to use is:
<td><? echo stripslashes($row['vliegtuignaam']);?></td>
or
<td><? echo stripslashes($row[vliegtuignaam]);?></td>
if the quotes inside the array gives you a hard time.
As per an example in the manual http://php.net/manual/en/function.stripslashes.php
echo stripslashes($str);
Full example:
<?php
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>
What you could do and as another option, would be to use stripslashes() on the variable(s) before it gets to the query.
$str = "Is your name O\'reilly?";
$newstring = stripslashes($str);
then go ahead with the insert.
Upvotes: 1
Related Questions
- How to run single test method with phpunit?
- When to use single quotes, double quotes, and backticks in MySQL
- MySQLDump one INSERT statement for each data row
- What is the difference between single-quoted and double-quoted strings in PHP?
- INSERT with SELECT
- MySQL ON DUPLICATE KEY UPDATE for multiple rows insert in single query
- How do I replace double quotes with single quotes
- Mysql PHP insert with quotes and double quotes
- Double vs SIngle Quotes issue
- single quotes inside double quotes php