HomeDesigning Your WebsiteWebmaster's Corner

Strip Unknown Characters in textarea

airoid3000 posted this at 23:52 — 29th January 2006.

They have: 71 posts

Joined: Mar 2004

I am trying to submit textarea text into a database and then display it on another page. Problem is, some of the text in the textarea has unknown characters and therefore displays this instead: ’v (or something similar)

How can I strip a textarea submission to prevent submission of unknown characters?

bugmaster posted this at 00:09 — 30th January 2006.

They have: 13 posts

Joined: Jan 2006

depending on your os, code, and whatnot, there are modules to do this
to prevent from injecting bad stuff into mysql before inserting.

there is also regular expressions and whatnot you can use
If you are using Php, go to php.net and search for function preg_match
preg_replace etc

Regards,
Bugmaster
http://www.logowars.com - Graphics Gone Mayhem

airoid3000 posted this at 00:37 — 30th January 2006.

They have: 71 posts

Joined: Mar 2004

I am using php and mysql on linux. Could you point to to a location of one of those modules?

By the way, here are the most common problems:

“ needs to be "
’ needs to be '

airoid3000 posted this at 03:22 — 30th January 2006.

They have: 71 posts

Joined: Mar 2004

Here is what I have so far:

<?php
function convert_smart_quotes($string)
{
$search = array('&lsquo;',
'&rsquo;',
'&ldquo;',
'&rdquo;',
'&mdash;');


$replace = array(\"'\",
\"'\",
'\"',
'\"',
'-');

return str_replace($search, $replace, $string);
}
?>

This works perfectly when I have static text on the page like so:
<?php
$thistext = \"&lsquo;single quotes&rsquo;\";
$text = convert_smart_quotes($thistext);
echo \"$text\";
?>

However, I am trying submit the value from a text field and then run the function before I enter it into the database like so:

<?php
$convertedtextarea= convert_smart_quotes($textarea);
?>

For some reason it enters into the database just as it was typed in the textarea without ever replacing the quotation marks. Any suggestions? HELP!

Dux0r posted this at 16:07 — 31st January 2006.

She has: 31 posts

Joined: Jan 2006

It seems to me like you've got your search and replace backwards. From what you've got above the codes (ie ’) will be replaced with quotes (ie ').

If you're trying to put them in the database, surely you want to remove the quotes? Or convert them to the symbols.

If not then sorry for my mistake.

You might also want to try using strip_slashes() and add_slashes() which will make any string safe for use in a MySQL statement.

Hope this helps.

Dux0r posted this at 16:07 — 31st January 2006.

She has: 31 posts

Joined: Jan 2006

The smiley face is ; ) by the way

airoid3000 posted this at 03:45 — 1st February 2006.

They have: 71 posts

Joined: Mar 2004

Actually, the code is changing the curly quotes to regular quotes. It works properly, just not while submitting a form for some reason.

I had to add a similar script which identified and replaced those weird symbols mysql replaced the curly quotes with (i.e. ’) onto the output page instead of on the input page.

It seems to be working just as well.

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.