Form data converted on send
I have a custom site input system I am working on... I have a page, with a form on it, that gets sent to a PHP script. The form has several text fields on it, and a textarea field. Everything works fine for now...
The problem that I am having, is that I need to enter stuff like &quot; and &nbsp; and so forth in these fields. If I do enter these, they automatically get converted to " and spaces when the form is posted... which is not what I want.
How do I prevent this from happening? Eg. PHPMyAdmin does not do this at all... you can enter anything like &quot;, &reg;, &nbsp;, &amp;, &copy;, etc
Also, I do need to have a combination of " symbols and &quot; symbols in the text fields, so converting the entire field by a php function, after the form is received would not work well...
Is there a special way, simply to prevent the fields from being converted?
Suzanne posted this at 02:56 — 1st November 2003.
She has: 5,507 posts
Joined: Feb 2000
$stringvariablename = str_replace ("&","&",$stringvariablename);
Alternatively there are a number of html functions that preserve and/or strip html from the input and replace it in the db as something else.
Then you can do another function on the data on the way out of the db to HTMLize it.
In general you want to convert the fields to prevent mean nasty hackers from entering bad news into your forms and causing mischief...
Busy posted this at 09:20 — 1st November 2003.
He has: 6,151 posts
Joined: May 2001
I like the html character one
$stuff = htmlspecialchars($stuff);
the other one is addslashes() / stripslashes()
robvdl posted this at 22:55 — 1st November 2003.
They have: 4 posts
Joined: Oct 2003
Hmmm, well, I tried some answers, no luck - but I found my own way that works.
problem is, the textarea seemed to be converted automatically when the submit button was pressed, and I seemed to have no control over it
yes, it is true, you should be able to reconvert back to html, after the form had been sent, with some special function. But I think if there were some odd cases, the field could not be converted back exactly the way the field was before submit was pressed, by such a function. if you get what I mean. - maybe not..
I just find it odd, the form is converted automatically when submit is pressed in the first place - I mean, what is the point of that?
anyway, I got so desperate and I thought of an alternative way out.
I created two forms, one with actual fields + a submit button, this is the temp form. but the submit button goes to a javascript function instead
the second form, is full of hidden fields. when the submit button is pressed on the temp form, the javascript converts all text fields to hex strings eg "B023AF" in groups of two it copies them to the hidden fields on the second form, and uses javascript to post the second form instead
crude, but it works. I just decode the strings back at the other end in php, and the fields are perfect.
m3rajk posted this at 22:33 — 6th November 2003.
They have: 461 posts
Joined: Jul 2003
actually the slashes are for slashing out things such as " and ' that may need it for a db.
the htmlspecialchars and HTMLENTITIES are for removing html so that people cannot put in scripts or such upon your pages via posting.
POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
Suzanne posted this at 23:02 — 1st November 2003.
She has: 5,507 posts
Joined: Feb 2000
Are you sure that the data is being converted? Or is it being displayed weirdly instead? It shouldn't be converted unless you tell it to be converted.
Per usual, a URL or sample code would help people set you on the right path. Your solution, while it works, means a LOT of extra work for no good reason?
robvdl posted this at 23:10 — 1st November 2003.
They have: 4 posts
Joined: Oct 2003
yes it is being converted here is how I am sure:
document1.php:
The user puts this in the field: &quot; clicks submit/save
document2.php:
the variable $caption now contains " not &quot; like I need it to
robvdl posted this at 00:56 — 2nd November 2003.
They have: 4 posts
Joined: Oct 2003
argh! got it... sorry about the hassle...
I had an edit page. where I would reload the previously entered content into all the fields
like so:
">
if I previously entered say &quot; in the field and saved it
then go back to the edit page - the fields will be reloaded with the code above
if you looked at the output html it would read
but on the screen it would read " inside the edit field, not &quot; - that is where it went wrong!!!! after clicking save again on that form, it would change it to a " in the database
all I had to do is start with blank fields:
then call a php generated javascript function to fill the form - that worked...
function fillForm() {
<? echo "document.formname.caption.value='$caption';\n"; ?>
}
just means I now have to first parse the $caption string in php, and replace any ' with \' so it does not stuff up the javascript but that is not too bad
once again, sorry about the hassle - should have seen that ages ago
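The behaviour described in this post comes from the browser decoding entities inside a value="..." attribute, so stored text has to be encoded once more for the context it is written into. The PHP below is an added example, not code from the thread: it fills the edit field with htmlspecialchars() for the attribute and json_encode() for the JavaScript variant. The helper names attr() and js() and the sample $caption are assumptions; formname, caption and document2.php come from the posts.

```php
<?php
// Added example, not code from the thread. $caption stands in for the value
// loaded from the database (constructed sample with entities, quotes and markup).
$caption = 'Say &quot;hi&quot; & it\'s </script><b>bold</b>';

// HTML attribute context: encode so the browser decodes back to the exact
// stored text. &quot; becomes &amp;quot; in the page source and is shown
// (and re-submitted) as &quot;.
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string context: json_encode() emits a quoted JS literal; the
// JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes so the value
// cannot close the string or the surrounding <script> element.
function js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}
?>
<form name="formname" method="post" action="document2.php">
  <input type="text" name="caption" value="<?= attr($caption) ?>">
  <input type="submit" value="Save">
</form>
<script>
// Equivalent of fillForm() without hand-escaping quotes in PHP.
function fillForm() {
  document.formname.caption.value = <?= js($caption) ?>;
}
</script>
<?php
// Round-trip check: decoding the attribute the way a browser does must
// return the stored string unchanged.
$decoded = htmlspecialchars_decode(attr($caption), ENT_QUOTES);
echo $decoded === $caption ? "round trip ok\n" : "round trip FAILED\n";
```

Either path alone is enough to reload the field; the same attr() call is what keeps a saved caption from being interpreted as markup when it is later printed into a page.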
Suzanne posted this at 01:34 — 2nd November 2003.
She has: 5,507 posts
Joined: Feb 2000
Heh -- when in doubt, view source. I've done it too often to mention myself.
Busy posted this at 08:55 — 2nd November 2003.
He has: 6,151 posts
Joined: May 2001
you should really have the 'type' of input it is as well (type="text"), also quotes around all values