In your sample code the value is being truncated because size="2" -- so only 2 characters are being assigned to $_POST['Q'] Addslahses should work... Based on your example here is how (I changed the size to 50: <input type="text" size="50" name="Q"> And my user enters: 2 " copper tubing $q = addslashes($_POST['Q']; // new value for Q is: 2 \" copper tubing Now insert $q into your database When you want to display this value from the database onto your webpage use stripslashes stripslashes($row['q']; // this will remove the backslash that was inserted from addslashes Hope this helps, Jimmy Brock -----Original Message----- From: matthew perry [mailto:mwperry@xxxxxxxxxxx] Sent: Monday, March 22, 2004 9:44 AM To: PHP-DB php Subject: escape chars continued Filip de Waard wrote: > > On Mar 22, 2004, at 12:17 PM, Jimmy Brock wrote: > >> Matt, love your show! >> >> Use the addslahses function to escape ' " \ characters. See >> http://php.net/addslashes for details. > > > Actually, you shouldn't use addslashes, but a database specific > function like mysql_escape_string(). > > http://phundamentals.nyphp.org/PH_storingretrieving.php > > Regards, > > Filip de Waard > >> Jimmy Brock >> >> "Matthew Perry" <mwperry@xxxxxxxxxxx> wrote in message >> news:405E6BD8.9010502@xxxxxxxxxxxxxx >> >>> I am trying to allow my users to enter quotes in their strings. For >>> instance instead of writing: 2 inch rod, they can write 2 " rod. >>> The >>> problem is, of course, that " ends the string and all that is saved >>> is any value before the ". How do I get around this without using >>> textarea? >> >> >> -- >> PHP Database Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> >> Actually I think the problem is before you can use either addslashes or mysql_escape_string() functions. The value with " or ' never reaches the database. I think I need a way to ignore quotes for input values in HTML. Say I have this: <input type="text" size = "2" name="Q"> And my user enters: 2 " copper tubing The value for "Q" will be: 2 When I add it to the database with addslashes there will be no ", ' or \ to add a slash to! And when I retreive it from the database and use mysql_real_escape() there will be the same problem. Thank you for your time, and yes I am the real Matthew Perry of course. Matthew Perry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
