RE: [PHP] Displaying data from a MySLQ table
The fact that you are calling stripslashes tells me that one of two things has occurred. #1. You escaped data coming into the DB *twice*, which often happens with Magic Quotes GPC + (addslashes || mysql_real_escape_string) used together. Your data is corrupt, and until you fix that, you'll just have nightmares. #2. You just don't understand the purpose of escaping data to go into MySQL. The purpose of the escaping is not to STORE the data with extra slashes. The purpose is to add extra slashes so that MySQL parser/reader can "eat" them and end up with the correct raw data you had before you escaped it. RIGHT WAY Raw Data Escaped Data What MySQL puts on hard drive can'tcan\'t can't WRONG WAY Raw Data Doubly-escaped What MySQL puts on hard drive can'tcan\\\'t can\'t If you're getting can\'t "out" of MySQL with mysql_fetch_row, then you are in situation #1. If you don't but you are calling stripslashes() anyway, you are in situation #2 On Fri, June 30, 2006 3:14 pm, Don wrote: > Ok, better but stil not displayting properly. > Here is what my database field has: > > import.csv'<">/\ > > Here is what is displaying: > > import.csv' noenter()"> > > It's choking on the double quote in the database field. Here is the > code > snippet from my form: > > > > function display_database($value) > { >$value = htmlentities($value,ENT_COMPAT); >if (!get_magic_quotes_gpc()) { >$value = stripslashes($value); > } > return $value; > } > > -Original Message- > From: Stut [mailto:[EMAIL PROTECTED] > Sent: Friday, June 30, 2006 3:49 PM > To: Don > Cc: php list > Subject: Re: [PHP] Displaying data from a MySLQ table > > Don wrote: >> Hi Have have a varchar field in a MySQL database which contains the >> following >> >> 905.362.6000"l""s"'L' >> >> I am trying to display it on my web page in a field >> but >> all I see is: >> >> 905.362.6000 >> >> I am wondering why the trailing characters do not display even >> though >> they are present in the database when I check using PhpMyAdmin. >> Please > help. > > You need to run the value through htmlentities > (http://php.net/htmlentities). > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying data from a MySLQ table
On Fri, June 30, 2006 1:39 pm, Don wrote: > 905.362.6000"l""s"'L' > So you end up with this: value="905.362.6000"1""s"'L'" ^ And, in HTML, this | marks the end of the string. You know how you do mysql_real_escape_string to put data in a database? In the same way, you need http://php.net/htmlentities to put data into HTML. In fact, if you think about it, almost every time you put data from point A to point B, you need to "escape" it for that specific usage. data -> MySQL : mysql_real_escape_string data -> HTML : htmlentities data -> URL : urlencode You can frequently "get away" with not doing the escape only because the data doesn't happen, by mere chance, to have any 'bad' characters in it. That doesn't make your code correct. It just happens to sort of work. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Displaying data from a MySLQ table
Ok, better but stil not displayting properly. Here is what my database field has: import.csv'<">/\ Here is what is displaying: import.csv' It's choking on the double quote in the database field. Here is the code snippet from my form: function display_database($value) { $value = htmlentities($value,ENT_COMPAT); if (!get_magic_quotes_gpc()) { $value = stripslashes($value); } return $value; } -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Friday, June 30, 2006 3:49 PM To: Don Cc: php list Subject: Re: [PHP] Displaying data from a MySLQ table Don wrote: > Hi Have have a varchar field in a MySQL database which contains the > following > > 905.362.6000"l""s"'L' > > I am trying to display it on my web page in a field but > all I see is: > > 905.362.6000 > > I am wondering why the trailing characters do not display even though > they are present in the database when I check using PhpMyAdmin. Please help. You need to run the value through htmlentities (http://php.net/htmlentities). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying data from a MySLQ table
Don wrote: Hi Have have a varchar field in a MySQL database which contains the following 905.362.6000"l""s"'L' I am trying to display it on my web page in a field but all I see is: 905.362.6000 Because it has quotes in it. I bet if you look at the source of the page, the full value is there. If your form field looks like this... It's going to output like this -^ So when the browser sees the first double quote in your value, it assumes that you're closing off the attribute. Try running the value thru htmlentities() I am wondering why the trailing characters do not display even though they are present in the database when I check using PhpMyAdmin. Please help. Thanks in advance My code snippet is as follows: Phone The query_database() function is my own and looks as follows: // smart function for querying a MySQL database function query_database($value) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not a number or a numeric string if (!is_numeric($value)) { $value = mysql_real_escape_string($value); } return $value; } Why are you running mysql_real_escape_string() after selecting data? -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying data from a MySLQ table
Don wrote: Hi Have have a varchar field in a MySQL database which contains the following 905.362.6000"l""s"'L' I am trying to display it on my web page in a field but all I see is: 905.362.6000 I am wondering why the trailing characters do not display even though they are present in the database when I check using PhpMyAdmin. Please help. You need to run the value through htmlentities (http://php.net/htmlentities). This email and any files transmitted with it are strictly confidential and may be privileged information. It is intended solely for the individual or company to whom it is addressed and may not be copied, forwarded, transmitted or otherwise distributed in any manner or form to any other party. If you are not the intended recipient or the person responsible for delivering this e-mail to the intended recipient, please indicate so and return this email to the sender, after which, kindly delete it from your computer as well as your email server. Without limitation, LCL Navigation accepts no liability whatsoever and howsoever caused in connection with the use of this email. And this email is strictly confidential and may be privileged information. In fact you will break the law if you read it. When you hear the sirens please don't run. If you do run we'll still get you but we'll be mighty pissed off when we do. And you never want to piss us off. You have been warned. Have a nice day ;) -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php