2009/4/9 tedd <tedd@xxxxxxxxxxxx>:
> Hi gang:

-.-

>
> I'm gathering information from a user, storing that data in a db, and then
> showing it back to the user. It's a simple process and can be seen here in
> this address book demo (not real people):
>
> http://php1.net/a/edit-db-demo
>
> I gather information from the user via a $_POST[]; like this:
>
> $last_name = trim($_POST['last_name']);
>
> Then I pass it through mysql_real_escape_string() like so --
>
> $last_name = mysql_real_escape_string($last_name);
>

Good.

> -- and then I put that data into my table via an UPDATE.
>
> Then when I pull data from the table, I do this --
>
> $last_name = htmlentities($row['last_name']);
>
> -- and show that data to the user. That's what I'm supposed to do, right?

Yes, but add ENT_QUOTES as the second parameter to htmlentities, so that PHP
will convert single 'quotings', too.
You might want to use htmlspecialchars($str, ENT_QUOTES) to preserve special
characters like äöü and the like.
If you're using UTF-8, you want to add 'UTF-8' as the third parameter for the
given html*() function.

bye

>
> So, why is it that when I enter the name "O'Brian", the entry comes back
> "O/'Brian"?

This happens because you have PHP configured to automatically apply
addslashes() to every predefined user-input scope like _GET, _POST, ...
Just turn it off or call stripslashes *before* issuing
mysql_real_escape_string(), like this:

    "UPDATE `foo` SET `bar` = '" . mysql_real_escape_string(stripslashes($_POST['yourself'])) . "'";

Beware of typing stripcslashes('see the C?'), as it will not strip anything
without further options. ;)

byebye

>
> So what's wrong and how do I fix it?
>
> Cheers,
>
> tedd
>
> PS: I know that I'm supposed to know this, but that part of my brain is on
> vacation -- I can't afford for all of me to go on vacation at one time.
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
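
The double escaping described in the reply, reproduced end to end as an added example that is not part of the original thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite table with a bound parameter in place of the thread's mysql_real_escape_string() call so it runs without a MySQL server; the table name `people` and the helper names are hypothetical, and the input is constructed.

```php
<?php
// Added example, not code from the thread. All values are constructed.

// What magic_quotes_gpc did to $_POST before the script ever ran.
function simulate_magic_quotes(string $v): string
{
    return addslashes($v);
}

// Store a value and read it back. A bound parameter stands in for
// mysql_real_escape_string(): either way the database ends up holding
// exactly the string the script handed over, backslashes included.
function round_trip(PDO $db, string $value): string
{
    $db->exec('DELETE FROM people');
    $stmt = $db->prepare('INSERT INTO people (last_name) VALUES (?)');
    $stmt->execute([$value]);
    return $db->query('SELECT last_name FROM people')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (last_name TEXT)');

// The slashed form the script receives when magic quotes are on.
$posted = simulate_magic_quotes("O'Brian");

// Without stripslashes(): the added backslash is stored as data.
$broken = round_trip($db, $posted);

// With stripslashes() first: only the real name is stored.
$fixed = round_trip($db, stripslashes($posted));

// Output encoding with and without ENT_QUOTES. The flags are passed
// explicitly because the default flag set changed in PHP 8.1.
$compat = htmlspecialchars($fixed, ENT_COMPAT, 'UTF-8');
$quotes = htmlspecialchars($fixed, ENT_QUOTES, 'UTF-8');

printf("stored without stripslashes: %s\n", $broken);
printf("stored with stripslashes:    %s\n", $fixed);
printf("ENT_COMPAT output:           %s\n", $compat);
printf("ENT_QUOTES output:           %s\n", $quotes);
```

The ENT_COMPAT line leaves the single quote unencoded, which matters when the value is echoed inside a single-quoted HTML attribute.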