Results 1 to 7 of 7

Thread: How to replace double & single quotes?

  1. #1
    Join Date
    Feb 2007
    Location
    New York
    Posts
    12

    Default How to replace double & single quotes?

    I need to pass a string in a function call, and there is a possibility that the string may contain double quotes ("), single quotes (') or both.

    I want to replace " with &_quot; and ' with &_#39; (underscores inserted here to prevent these codes from translating here)

    I thought there were functions that could be used to make this substitution, but all of my attempts thus far have been unsuccessful. Here is what I have tried (I used the echo process below in my code to display the results quickly, but none of these had the desired results:
    $enStr = $row['myField_that_might_contain_quotes'];

    THESE FIRST THREE PLACED BACKSLASHES (\) IN FRONT OF THE QUOTES, BUT MY FUNCTION STILL COMPLAINED ABOUT STRING TERMINATORS:
    echo addslashes($enStr) . "<br>" . $eol;
    echo mysql_real_escape_string($enStr) . "<br>" . $eol;
    echo mysql_escape_string($enStr) . "<br>" . $eol;

    NONE OF THESE MADE ANY CHANGES TO THE TEST STRING:
    echo str_replace('\\"','&quot;',$enStr) . "<br>" . $eol;
    echo escape_string($enStr) . "<br>" . $eol;
    echo htmlentities($enStr,ENT_QUOTES) . "<br>" . $eol;
    echo htmlspecialchars($enStr, ENT_QUOTES) . "<br>" . $eol;
    echo ereg_replace('"', '&quot;', $enStr) . "<br>" . $eol;
    echo ereg_replace('\"', '&quot;', $asStr) . "<br>" . $eol;
    Can anyone suggest a method that works?

    Thanks in advance!

  2. #2
    Join Date
    Jan 2008
    Location
    cardboard box
    Posts
    389

    Default

    Could you post the minimum code required to produce the error.

    There's no reason you shouldn't be able to pull a field out of a database that contains quotes.

    ex
    PHP Code:
    $result mysql_query("SELECT * FROM table");
    while(
    $row mysql_fetch_array($result)) {
        echo 
    $row["field"];
    }; 
    Last edited by wysiwyg; 01-17-2009 at 09:54 PM.
    Have you tried turning it off and on again?

  3. #3
    Join Date
    Feb 2007
    Location
    New York
    Posts
    12

    Default

    Could you post the minimum code required to produce the error.

    There's no reason you shouldn't be able to pull a field out of a database that contains quotes.
    The problem is not pulling a field that contains quotes; the problem is that if the field contains quotes, I need to escape them (that is change " to &_quot; and change ' to &_#39; {without the underscores}) so the string will NOT have any quotes.

    In the code snippet below, the "$cString" variable is the passed parameter in the "smsPop()" function call, and when "$cString" contains quotes, the code breaks. I created a few records with apostrophes and quotes in the "eventName" field which in turn causes the $cString variable to have the quotes.

    One result evaluated to this:
    Code:
    onClick="smsPop('?eNAME=Bill's%20Event');"
    (note the apostrophe after "Bill" -- that breaks the code... Here's the code you requested:
    PHP Code:
    $selseqnum  $_GET['selSEQNUM'];
    $selseqnum  mysql_real_escape_string($selseqnum);

    $query "SELECT * FROM EventTable WHERE SeqNum = '$selseqnum'";
    $result mysql_query($query) or die(mysql_error());
    while(
    $row mysql_fetch_array($result)){

        
    $cString1 "?&eNAME=" $row['eventName'];

        
    $smsLink " <a href=\"#\" onClick=\"smsPop('" addslashes($cString1) . "'); return false;\" Title=\"Send this event & address to your cell phone.\"><span style=\"font-size:9px;\" >Text 2 Phone</span></a>";



    I tried several different methods to replace the quotes as noted in my original post, and none worked for me, so I need to figure out what I am missing.

    Thanks for your help!

  4. #4

    Default

    I suggest using var_dump() or print_r() to find out exactly what you're getting before and after running things like addslashes(). For example, if your MySQL data is coming out of the database with slashes already added, I don't think addslashes() is going to help you any. Like this:

    PHP Code:
    while($row mysql_fetch_array($result)){

        
    $cString1 "?&eNAME=" $row['eventName'];
        
    var_dump($cString1);
        
    $cString1 addslashes($cString1);
        
    var_dump($cString1);

        
    $smsLink " <a href=\"#\" onClick=\"smsPop('$cString1'); return false;\" Title=\"Send this event & address to your cell phone.\"><span style=\"font-size:9px;\" >Text 2 Phone</span></a>";


    Hope that helps!

  5. #5
    Join Date
    Feb 2007
    Location
    New York
    Posts
    12

    Default

    Quote Originally Posted by God's Webmaster View Post
    I suggest using var_dump() or print_r() to find out exactly what you're getting before and after running things like addslashes(). For example, if your MySQL data is coming out of the database with slashes already added, I don't think addslashes() is going to help you any.
    FYI, I echoed the results of each operation I tried (see original post), and this far have not found a method that works.

    I had high-hopes for one of these:
    PHP Code:
    echo str_replace('\\"','&quot;',$enStr) . "<br>" $eol;
    echo 
    str_replace('\"','&quot;',$enStr) . "<br>" $eol;
    echo 
    str_replace('"','&quot;',$enStr) . "<br>" $eol
    ...but none provided desired results.

  6. #6
    Join Date
    Jan 2008
    Location
    cardboard box
    Posts
    389

    Default

    The function you're looking for is urlencode, or at least it would be if your string weren't already partially encoded. I can't tell if your variable is encoded in the database or not.

    If urlencode doesn't work you can try this..
    PHP Code:
    <?php
    $quotes 
    = array('/"/',"/'/");
    $replacements = array('%22','%27');
    $eventName preg_replace($quotes,$replacements,$row['eventName']);
    $cString1 "?&eNAME=" $eventName;
    ?>
    Last edited by wysiwyg; 01-18-2009 at 10:44 PM.
    Have you tried turning it off and on again?

  7. #7
    Join Date
    Feb 2007
    Location
    New York
    Posts
    12

    Default Thank you!...

    Thank you, both preg_replace() and urlencode() worked.

    I appreciate the help!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •