> Date: Sunday, October 22, 2023 23:10:07 -0700
> From: JEFFRY KILLEN <jekillen@xxxxxxxxxxx>
>
>> On Oct 22, 2023, at 10:11 PM, Jim Pazarena <php@xxxxxx> wrote:
>>
>> I have an html/php form where I have a text box where free form
>> info can occupy such as birthdate, weight, height, other personal
>> info. Oh yes, this entire routine was created for me by a friend
>> who has now passed away so I am on my own to debug and/or make
>> changes. Anyways, I wrap text input boxes in an "addslashes"
>> function, which corrected an issue I had with quotes. Except, if I
>> enter someones height, such as 5 ft 11 inch (as: 5' 11" ) While I
>> see the entry in the URL as 5'+11"++ ( etc)
>> What actually get posted is: 5? 11?
>> If I go back in and edit that field, and replace the '?" with the
>> applicable quote (' or "), I still see the same 5'+11"++ in the
>> URL, but this time it does indeed get written into the table as
>> expected.
>>
>> I would appreciate a hint on what I should be looking for to
>> determine where/how the '?' are getting in there. The insert
>> always places 5? 11? while the update always corrects it. I am
>> stumped.
>>
>
> Since the input fields have strings, the single and double quotes
> need to be escaped. But that would need javascript to escape the
> quotes before the form is submitted. I would have separate fields
> for foot and inch. Then name the fields ft and in. Then in the PHP,
> when it processes the input it takes the ft field and in field and
> combines it to produce your value.
>
> As well the actual code for the single and double quotes could be
> for curly quotes or some other encoding that html/http does not
> understand. That can account for the '?'.
>
> The single and double quotes are best avoided in the input fields.
> They would just be for the sake of the user.
>
Honestly, I wouldn't spend time trying to address this issue. As Jeff
points out the reason that quotes are displaying as question marks
are many and varied - and addressing them all can be quite complex
(and requires a fairly detailed understanding of what different
platforms do in the non-standard ascii character ranges).
Taking structured data into a free-form text block makes it almost
useless. A human may be able to find the useful bits, but even there
it will take time as it sounds like the pieces are entered in
haphazard order and in inconsistent form.
I would suggest starting fresh setting up fields for proper
structured data intake (including built-in valid input constraints
and checking) and storage. Free-form fields are fine, for free-form
data, but counterproductive otherwise.
