subject:"RE\: \[PHP\] quotes"

RE: [PHP] Quotes in Heredoc

2011-02-28 Thread tedd


At 8:23 AM -0500 2/28/11, Bob McConnell wrote:

From: Ashim Kapoor

 From Ashley Sheridan

 The quotes you mention are in the HTML, nothing to do with PHP. HTML

will

 work without the quotes in most cases (unless there's a space in the

value

 for the attribute) but the quotes are required in XHTML and will

cause

 unexpected results.


 Can you elaborate on the XHTML part? Do you mean they are required in

XHTML

 but optional in HTML ?


Please keep your attribution levels straight.

XHTML also requires all tags, attribute labels and values to be in lower
case and values must be quoted. So your original content should be

 
 
 

You should install the HTML Validtor plug-in for Firefox and use it
regularly to catch all of the errors you can. Some of this can also be
replaced with style sheets.

Bob McConnell


In addition to what Bob wrote, do yourself a favor and use css to 
more style declarations (cellpadding, border, align) to a css file. 
That's much easier to maintain.


Cheers,

tedd



--
---
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Quotes in Heredoc

2011-02-28 Thread Bob McConnell

From: Ashim Kapoor
> From Ashley Sheridan
>> The quotes you mention are in the HTML, nothing to do with PHP. HTML
will
>> work without the quotes in most cases (unless there's a space in the
value
>> for the attribute) but the quotes are required in XHTML and will
cause
>> unexpected results.
> 
> Can you elaborate on the XHTML part? Do you mean they are required in
XHTML
> but optional in HTML ?

Please keep your attribution levels straight.

XHTML also requires all tags, attribute labels and values to be in lower
case and values must be quoted. So your original content should be

 
 
 

You should install the HTML Validtor plug-in for Firefox and use it
regularly to catch all of the errors you can. Some of this can also be
replaced with style sheets.

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in Heredoc

2011-02-26 Thread Ashim Kapoor

Yes, in HTML the quotes are optional, but they are required in XHTML
documents:

> http://www.w3.org/TR/xhtml1/diffs.html#h-4.4
>

Ok Thank you,
Ashim

Re: [PHP] Quotes in Heredoc

2011-02-26 Thread Ashley Sheridan

On Sat, 2011-02-26 at 16:27 +0530, Ashim Kapoor wrote:

> The quotes you mention are in the HTML, nothing to do with PHP. HTML will
> work without the quotes in most cases (unless there's a space in the value
> for the attribute) but the quotes are required in XHTML and will cause
> unexpected results.
> 
> Can you elaborate on the XHTML part? Do you mean they are required in XHTML
> but optional in HTML ?
> 
> Many thanks,
> Ashim.


Yes, in HTML the quotes are optional, but they are required in XHTML
documents:
http://www.w3.org/TR/xhtml1/diffs.html#h-4.4


Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] Quotes in Heredoc

2011-02-26 Thread Ashim Kapoor

The quotes you mention are in the HTML, nothing to do with PHP. HTML will
work without the quotes in most cases (unless there's a space in the value
for the attribute) but the quotes are required in XHTML and will cause
unexpected results.

Can you elaborate on the XHTML part? Do you mean they are required in XHTML
but optional in HTML ?

Many thanks,
Ashim.

Re: [PHP] Quotes in Heredoc

2011-02-26 Thread Ashley Sheridan

On Sat, 2011-02-26 at 14:41 +0530, Ashim Kapoor wrote:

> Dear All,
> 
> I am learning PHP by reading a book. My query pertains to the following
> lines : -
> 
> $form_str = <<< EOFORMSTR
>  WIDTH=621>
> 
>  SRC=../images/spacer.gif>
> 
> 
> .
> 
> My query is that is it true that we don't need to do
> 
> 
> ie. we don't need to quote the value of the options in Heredoc. Is that
> correct?
> 
> Many thanks,
> Ashim.

The quotes you mention are in the HTML, nothing to do with PHP. HTML
will work without the quotes in most cases (unless there's a space in
the value for the attribute) but the quotes are required in XHTML and
will cause unexpected results.

The only difference Heredoc makes in PHP is that the strings you write
don't require characters to be escaped, which you would have to do
normally in traditional quoted strings.

Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Richard Quadling

On 6 August 2010 16:18, Bill Guion  wrote:
> At 8:31 AM -0400 08/06/10, tedd wrote:
>
>> Cheers,
>>
>> tedd
>>
>> PS: Considering that this is Friday. I have a grammar question for the
>> group. I said above:
>>
>> "neither CSS, PHP, or any web language exist in a vacuum."
>>
>> Is the word "neither" appropriate in this sentence?
>>
>> Normally, two items can be compared by "neither"  or "nor", but what about
>> more than two items? Is it appropriate to use "neither"  or "nor" for more
>> than two items?
>
> Somewhere along the line, probably in college (if it were before college, it
> would have been so long ago I would have forgotten it), a professor said to
> handle this sort of thing thusly:
>
> neither A, nor B, nor C 
>
> A little more wordy, but completely unambiguous.

"neither CSS, PHP, nor any web language exist in a vacuum."

would probably do. All negatives, so little wiggle room really.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Bill Guion


At 8:31 AM -0400 08/06/10, tedd wrote:


Cheers,

tedd

PS: Considering that this is Friday. I have a grammar question for 
the group. I said above:


"neither CSS, PHP, or any web language exist in a vacuum."

Is the word "neither" appropriate in this sentence?

Normally, two items can be compared by "neither"  or "nor", but what 
about more than two items? Is it appropriate to use "neither"  or 
"nor" for more than two items?


Somewhere along the line, probably in college (if it were before 
college, it would have been so long ago I would have forgotten it), a 
professor said to handle this sort of thing thusly:


neither A, nor B, nor C 

A little more wordy, but completely unambiguous.

 -= Bill =-
--

Don't find fault. Find a remedy. - Henry Ford
  



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread tedd


At 9:09 AM -0400 8/6/10, Andrew Ballard wrote:

On Fri, Aug 6, 2010 at 8:31 AM, tedd  wrote:

 While it may not be obvious, the statement:


 > 


 is flawed (IMO).

 The "best" way to handle this is to define a class (or id) for the table in
 a css file and then set the border (i.e., styling) to whatever you want. For
 example, your HTML would look like:

 

 And your CSS would contain:

 .my_table
   {
   border: 1px solid black;
   }



I more or less agree with you, but sometimes it's technically a little
more difficult than that.

-snip-

As is often the case with CSS, that's a good bit more text to
accomplish the same effect as an older, smaller attribute.  :-)

Andrew


Andrew:

The problem you cite is well said and your point is well taken.

However, the main point I am making is to move this problem totally 
out of the HTML/PHP arena and place it where it belongs, which is 
inside CSS -- after it *is* a presentation problem.


IMO, it is *far* better to deal with browser comparability problems 
from one CSS file than it is to sort through all your PHP files 
looking for the phrase . From my experience, when 
you have a problem, it is always better to give it a name and deal 
with it from one location.


As for "older, smaller attributes", they are only getting older and 
their importance lessens with time (I can relate.) :-)


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Andrew Ballard

On Fri, Aug 6, 2010 at 8:31 AM, tedd  wrote:
> While it may not be obvious, the statement:
>
> 
>
> is flawed (IMO).
>
> The "best" way to handle this is to define a class (or id) for the table in
> a css file and then set the border (i.e., styling) to whatever you want. For
> example, your HTML would look like:
>
> 
>
> And your CSS would contain:
>
> .my_table
>   {
>   border: 1px solid black;
>   }
>

I more or less agree with you, but sometimes it's technically a little
more difficult than that. The border attribute on the table tag
affects not only the table itself, but also the cells inside it. The
CSS attribute only draws a border around the table. I believe the CSS
equivalent of how most browsers (I tested Fx 3.6.8, IE 7, Google
Chrome 5, Opera 10.53, and Safari (Windows) 5.0.1) render  takes a little more:

table.my_table,
table.my_table > thead > tr > th,
table.my_table > tbody > tr > th,
table.my_table > tfoot > tr > th,
table.my_table > thead > tr > td,
table.my_table > tbody > tr > td,
table.my_table > tfoot > tr > td
{
border: solid 1px black;
}

And, of the browsers listed above, IE7 did not render the table
correctly. (I'm guessing it must not properly handle the child CSS
selectors.) If you do it without the child selectors:

table.my_table,
table.my_table th,
table.my_table td
{
border: solid 1px black;
}

All the browsers render it the same, but it has the side effect that
cells in nested tables also inherit the borders unless you do
something to exclude them:

table.my_table,
table.my_table th,
table.my_table td
{
border: solid 1px black;
}

table.my_table table,
table.my_table table th,
table.my_table table td
{
border: none;
}

As is often the case with CSS, that's a good bit more text to
accomplish the same effect as an older, smaller attribute.  :-)

Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Richard Quadling

On 6 August 2010 13:31, tedd  wrote:
>I have a grammar question for the
> group. I said above:
>
> "neither CSS, PHP, or any web language exist in a vacuum."
>
> Is the word "neither" appropriate in this sentence?
>
> Normally, two items can be compared by "neither"  or "nor", but what about
> more than two items? Is it appropriate to use "neither"  or "nor" for more
> than two items?
>

http://en.wikipedia.org/wiki/Neither says that "either" can be used
for many items if they are in a list (like you've used), so neither
would probably follow the same argument.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Floyd Resler


On Aug 6, 2010, at 8:08 AM, tedd wrote:

> At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:
>> 2nd question, in the 3 [2] lines below:
>> 
>> $checkstat = "select field from table where fieldid = $field_id";
>> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute 
>> query");
>> 
>> If I were to recode in the latter style, should they not look like this:
>> 
>> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
>> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute 
>> query');
> 
> Rick:
> 
> Others gave you good advice on quotes, but I'll address your second question 
> on database queries.
> 
> The following is in the form of what I normally do:
> 
> $query = "SELECT field FROM table WHERE field_id = '$field_id' ";
> $result = mysql_query($query) or die("Couldn't execute query");
> 
> Please note these are my preferences (others may have different preferences):
> 
> 1. I use UPPERCASE for all MySQL syntax.
> 
> 2. I do not use the @ before mysql_query because that suppresses errors. I 
> prefer to see errors and fix them.
> 
> 3. It's not necessary to include the second argument (i.e., $connection) in 
> mysql_query.
> 
> 4. IMO, a query should be named $query and a result should be named $result. 
> If I have several results, then I use $result1, $result2, $result3, and so on.
> 
> 5. I try to match MySQL field names to PHP variable names, such as field_id = 
> '$field_id'. This makes it easier for me to read and debug.
> 
> 6. Also note that the PHP variable $field_id is enclosed in single quotes 
> within the query.
> 
> 7. For sake of readability, in the query I also place a space after the last 
> single quote and before the ending double quote, such as field_id = 
> '$field_id' ". -- I do not like, nor is it readable, to have a singledouble 
> quote (i.e., '").
> 
> There is one additional thing that I do, but it requires an included 
> function. For your kind review, in my query I do this:
> 
> $result = mysql_query($query) or die(report($query,__LINE__,__FILE__)));
> 
> and the report function I include to the script is:
> 
>  //  show dB errors  ==
> 
> function report($query, $line, $file)
>   {
>   echo($query . '' .$line . '' . $file . '' . mysql_error());
>   }
> ?>
> 
> That way, if something goes wrong, the report function will show in what file 
> and at what line number the error occurred. Now, this is OK for development, 
> but for production you should comment out the echo so you don't report errors 
> publicly. Besides, you should have all the errors fixed before your script 
> becomes production anyway, right?  :-)
> 
> HTH,
> 
> tedd
> 

Tedd,
Well said!  I pretty much follow those same standards as well.  
Especially with the naming of variables to match field names.  I also make sure 
that any form field names match my database names.  It makes updating and 
inserting records so much easier!  I've written a database class that allows me 
to update and insert records as easily as this:
$db->insert("table_name",$_POST);
$db->update("table_name","id_field_name",$id,$_POST);

And, yes, I do sanitize the data to make sure it doesn't do bad things to my 
database! :)

Take care,
Floyd



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread tedd


At 9:05 PM -0700 8/5/10, Michael Shadle wrote:


Leave the single quotes for parameters, indexes, code, not attributes - $.02


Agreed.

"Render unto Caesar (HTML) the things that are Caesar's and unto God 
(PHP -- Lord forgive me) the things that are God's."


In other words, when writing code in another language use the syntax 
that is appropriate for that language


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread tedd

At 11:00 PM -0400 8/5/10, Paul M Foster wrote:

On Thu, Aug 05, 2010 at 10:10:26PM -0400, Rick Dwyer wrote:

 > echo "

 And elsewhere on the page it follows:

 > echo '

Not acceptable and sloppy. Be consistent in your coding style. In
general, HTML attributes should be surrounded by double quotes. I don't
know about javascript. Moreover, it's generally better to simply output
HTML rather than to echo it, like:

Rick:

I agree with Paul.

I would only add that you should use what languages best serve your 
needs. While it may not be obvious, the statement:

is flawed (IMO).

The "best" way to handle this is to define a class (or id) for the 
table in a css file and then set the border (i.e., styling) to 
whatever you want. For example, your HTML would look like:

And your CSS would contain:

.my_table
   {
   border: 1px solid black;
   }

That way at some future date, you may want to change the border 
color, size, whatever and it's a trivial thing to do so without 
having to search through all your code to find ill-placed styling 
attributes.

As I always say, neither CSS, PHP, or any web language exist in a 
vacuum. It always best to use whatever language that makes your life 
(and others) simpler.

Cheers,

tedd

PS: Considering that this is Friday. I have a grammar question for 
the group. I said above:

"neither CSS, PHP, or any web language exist in a vacuum."

Is the word "neither" appropriate in this sentence?

Normally, two items can be compared by "neither"  or "nor", but what 
about more than two items? Is it appropriate to use "neither"  or 
"nor" for more than two items?

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread tedd


At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:

2nd question, in the 3 [2] lines below:

$checkstat = "select field from table where fieldid = $field_id";
$result1 = @mysql_query($checkstat,$connection) or die("Couldn't 
execute query");


If I were to recode in the latter style, should they not look like this:

$checkstat = 'select field from table where fieldid = "'.$field_id.'"';
$result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t 
execute query');


Rick:

Others gave you good advice on quotes, but I'll address your second 
question on database queries.


The following is in the form of what I normally do:

$query = "SELECT field FROM table WHERE field_id = '$field_id' ";
$result = mysql_query($query) or die("Couldn't execute query");

Please note these are my preferences (others may have different preferences):

1. I use UPPERCASE for all MySQL syntax.

2. I do not use the @ before mysql_query because that suppresses 
errors. I prefer to see errors and fix them.


3. It's not necessary to include the second argument (i.e., 
$connection) in mysql_query.


4. IMO, a query should be named $query and a result should be named 
$result. If I have several results, then I use $result1, $result2, 
$result3, and so on.


5. I try to match MySQL field names to PHP variable names, such as 
field_id = '$field_id'. This makes it easier for me to read and debug.


6. Also note that the PHP variable $field_id is enclosed in single 
quotes within the query.


7. For sake of readability, in the query I also place a space after 
the last single quote and before the ending double quote, such as 
field_id = '$field_id' ". -- I do not like, nor is it readable, to 
have a singledouble quote (i.e., '").


There is one additional thing that I do, but it requires an included 
function. For your kind review, in my query I do this:


$result = mysql_query($query) or die(report($query,__LINE__,__FILE__)));

and the report function I include to the script is:

' .$line . '' . $file . '' . mysql_error());
   }
?>

That way, if something goes wrong, the report function will show in 
what file and at what line number the error occurred. Now, this is OK 
for development, but for production you should comment out the echo 
so you don't report errors publicly. Besides, you should have all the 
errors fixed before your script becomes production anyway, right?  :-)


HTH,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-06 Thread Richard Quadling

On 6 August 2010 07:34, Peter Lind  wrote:
> On 6 August 2010 04:10, Rick Dwyer  wrote:
>> Hi List.
>> I've mentioned before that I am both just beginning to learn PHP AND I have 
>> inherited a number of pages that I'm trying to clean up the w3c validation 
>> on.
>>
>> Something that confuses me is how the code on the page is written where in 
>> one instance, it follows this:
>>
>> echo "
>>
>> And elsewhere on the page it follows:
>>
>> echo '
>>
>> In what I've read and from many of the suggestions from this board, the 
>> latter seems to be the better way to code, generally speaking.
>>
>
> It isn't better or worse. The only thing that makes a difference is
> what suits you - stick to what works for you. Both double-quotes and
> single-quotes can result in gotchas (in double quotes you have to
> escape more, which you have to keep in mind, whereas in single quotes
> you have a lot less power, which you might forget). There's no
> difference in performance, which leaves just one thing: personal
> preference.
>
> Regards
> Peter
>
> --
> 
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: http://twitter.com/kafe15
> 
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You also have heredoc ...

 'A "daft" div. Click me and you\'re a numpty.');

echo <<

All In One

 The div below should say that it is a "daft" div and if you
click it then you're a numpty.
 {$array['value']}

END_HTML_WITH_EMBEDDED_JS;
?>

will output ...

All In One

 A "daft" div. Click me and you're a numpty.

The above example shows how escaping can be minimized. I've done it
manually, but it could have been done by using htmlentities() or
htmlspecialchars() with ENT_QUOTES.

Only the JS code needed the escaping. The \" because the " is in an
attribute value (which used " as the delimiter) and the \' because the
' is used as a string delimiter for the alert() call.

Obviously, it IS a bit of a mess. Using normal string concatenation,
it becomes a lot harder.

 'A "daft" div. Click me and you\'re a numpty.');

echo "

All In One

 The div below should say that it is a \"daft\" div and if you
click it then you're a numpty.
 {$array['value']}

";
?>

So, 3 \. The first \ is to escape the second \, the third to escape
the ". Which results in \" which is an escape of the " in the HTML.

Now imagine the above string was a search and replace via some regular
expression. Sure you _can_ work it out, but sometimes you just keep
adding \ until it works.

You may need upto 6 \ in a row... or more!

Richard.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Peter Lind

On 6 August 2010 04:10, Rick Dwyer  wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have 
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in 
> one instance, it follows this:
>
> echo "
>
> And elsewhere on the page it follows:
>
> echo '
>
> In what I've read and from many of the suggestions from this board, the 
> latter seems to be the better way to code, generally speaking.
>

It isn't better or worse. The only thing that makes a difference is
what suits you - stick to what works for you. Both double-quotes and
single-quotes can result in gotchas (in double quotes you have to
escape more, which you have to keep in mind, whereas in single quotes
you have a lot less power, which you might forget). There's no
difference in performance, which leaves just one thing: personal
preference.

Regards
Peter

-- 

WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Michael Shadle

On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson  wrote:

> Tim Bray, who knows a little bit about XML dialects (tongue in cheek),
> appears to default to the single quote as his delimiter of choice:
> http://www.tbray.org/ongoing/

Side note, looks like his stuff is auto-generated by something, so
it's defined once and replicated many times for templating... but also
I do see some attributes with double quotes mixed in, i.e.:

I work for Google, but the opinions expressed here
are my own, and no other party necessarily
agrees with them.
A full disclosure of my professional interests is on the author page.

Contributions
Comment feed for ongoing:

Serif  ·
Sans-Serif

I should say also - double quotes helps when using inline JavaScript
in attributes too :) add that to my reasons. I just default to double
quotes because of history developing things, it just works easier.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Michael Shadle

On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson  wrote:

> I would suggest that saying  is "the wrong way" is a
> rather strong assessment.  Whether you're talking about SGML (the
> grandparent), XML (the parent), or XHTML, the use of a single quote is
> perfectly valid, and has served a purpose since inception.  If I'm crafting
> markup and embedding something that has a double quote within an attribute
> (often times an alt attribute on an image), I don't hesitate to use the
> single quote as the attribute delimiter.  That said, it's often easier if
> you standardize on one, and most choose to use double quotes the default
> delimiter.

> That said, if there are some sources to point to that make a case for the
> deprecation of single quotes in (X)HTML attributes, please let me know.

Well, most people use htmlspecialchars() to encode text for safe
display to a browser.

By default, it only encodes double quotes:
http://php.net/htmlspecialchars

"The default mode, ENT_COMPAT, is the backwards compatible mode which
only translates the double-quote character and leaves the single-quote
untranslated."

We've run into issues where we thought our forms were fairly secure,
but some people decided to echo ""
type stuff, which works fine if you encapsulate attributes in double
quotes, but in single quotes, we found out that anyone who had a
single quote in that value would break the page.

Now, I typically use a central wrapper function for encoding and
decoding, and if it was in use there, sure, I could have thrown in
ENT_QUOTES and solved that issue.

However, the vast majority of everything uses double quotes, and there
is not really a reason to NOT use them.

Of course, I put it out there like that to simply push it because it
should be appropriate for everyone. You are right though - it WILL
work with single quotes (as we can see), but I recommend a single way
of doing things to keep things consistent, and it has been the
unspoken standard everywhere I've ever looked for markup...

(Funny enough, that page has an example with a single quoted attribute)

Leave the single quotes for parameters, indexes, code, not attributes - $.02

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Adam Richardson

On Thu, Aug 5, 2010 at 10:53 PM, Rick Dwyer  wrote:

>
> On Aug 5, 2010, at 10:43 PM, Michael Shadle wrote:
>
> >
> > For HTML, -always- use double quotes.
> >
> >  is the right way.
> >  is the wrong way.
> >
> > I'd go into more explanation but there simply doesn't need to be one.
>

I would suggest that saying  is "the wrong way" is a
rather strong assessment.  Whether you're talking about SGML (the
grandparent), XML (the parent), or XHTML, the use of a single quote is
perfectly valid, and has served a purpose since inception.  If I'm crafting
markup and embedding something that has a double quote within an attribute
(often times an alt attribute on an image), I don't hesitate to use the
single quote as the attribute delimiter.  That said, it's often easier if
you standardize on one, and most choose to use double quotes the default
delimiter.

Tim Bray, who knows a little bit about XML dialects (tongue in cheek),
appears to default to the single quote as his delimiter of choice:
http://www.tbray.org/ongoing/

Now, speaking to questions/concerns about javascript events frequent use of
single quotes beg the question:  Why are you embedding javascript events
into the markup of the page?  I'm aware of many sources that advocate
against mixing javascript and html in this way (see the books PPK on
Javascript, DOM Scripting, etc.)

That said, if there are some sources to point to that make a case for the
deprecation of single quotes in (X)HTML attributes, please let me know.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Paul M Foster

On Thu, Aug 05, 2010 at 10:10:26PM -0400, Rick Dwyer wrote:

> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have 
> inherited a number of pages that I'm trying to clean up the w3c validation on.
> 
> Something that confuses me is how the code on the page is written where in 
> one instance, it follows this:
> 
> echo "
> 
> And elsewhere on the page it follows:
> 
> echo '
> 
> In what I've read and from many of the suggestions from this board, the 
> latter seems to be the better way to code, generally speaking.
> 
> So given that the page has javascript in it, perhaps the reason for the 
> previous developer switching between the two was for ease of incorporating 
> JS? Don't really know... but what I would like to know is it considered 
> poor coding switch between the two on a single page or is it perfectly 
> acceptable?
> 

Not acceptable and sloppy. Be consistent in your coding style. In
general, HTML attributes should be surrounded by double quotes. I don't
know about javascript. Moreover, it's generally better to simply output
HTML rather than to echo it, like:







> 2nd question, in the 3 lines below:
> 
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute 
> query");
> 
> 
> If I were to recode in the latter style, should they not look like this:
> 
> $_SESSION['newpage'] = $newpage;
> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute 
> query');
> 

This is a matter of taste, but I've heard that if you can do it without
string concatenation, it executes faster. In my opinion, the former is
better because it's easier to follow than the second, where you have
strings concatenated with single and double quotes all over the place.

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Rick Dwyer


On Aug 5, 2010, at 10:43 PM, Michael Shadle wrote:

> On Thu, Aug 5, 2010 at 7:10 PM, Rick Dwyer  wrote:
>> Hi List.
>> I've mentioned before that I am both just beginning to learn PHP AND I have 
>> inherited a number of pages that I'm trying to clean up the w3c validation 
>> on.
>> 
>> Something that confuses me is how the code on the page is written where in 
>> one instance, it follows this:
>> 
>> echo "
>> 
>> And elsewhere on the page it follows:
>> 
>> echo '
>> 
>> In what I've read and from many of the suggestions from this board, the 
>> latter seems to be the better way to code, generally speaking.
>> 
>> So given that the page has javascript in it, perhaps the reason for the 
>> previous developer switching between the two was for ease of incorporating 
>> JS? Don't really know... but what I would like to know is it considered 
>> poor coding switch between the two on a single page or is it perfectly 
>> acceptable?
>> 
>> 2nd question, in the 3 lines below:
>> 
>> $_SESSION['newpage'] = $newpage;
>> $checkstat = "select field from table where fieldid = $field_id";
>> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute 
>> query");
> 
> You could always do:
> 
> $result1 = mysql_query("SELECT field FROM table WHERE fieldid =
> $field_id", $connection) or die("Couldn't execute query");
> 
> a) I capped SQL verbs. Make it more readable :)
> b) why make a variable just to throw it in the next line?
> c) Make sure $field_id is truly an integer. If not, intval,
> mysql_escape_string, something along those lines. Also put it in
> single quotes if not an integer.
> d) I left double quotes in the error, because it has a single quote
> inside of it. The small micro-optimization performance you might get
> is probably not worth the readability factor.
> 
> My general rules of thumb:
> 
> I use double quotes if:
> a) I have single quotes inside the string
> b) I need variables to be parsed
> c) I need control characters like \n parsed
> 
> I use single quotes always:
> a) For array indexes $foo['bar']
> b) If I don't need variable parsing, control characters, etc. why not?
> 
> You'll get a minimal performance gain by using single quotes
> everywhere in PHP where you don't -need- double quotes, but that's a
> micro-optimization and there's probably more important things for you
> to be doing.
> 
> For HTML, -always- use double quotes.
> 
>  is the right way.
>  is the wrong way.
> 
> I'd go into more explanation but there simply doesn't need to be one.

Michael:

Well put.. exactly the type of instruction I was looking for.

Thanks,
--Rick







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Michael Shadle

On Thu, Aug 5, 2010 at 7:10 PM, Rick Dwyer  wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have 
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in 
> one instance, it follows this:
>
> echo "
>
> And elsewhere on the page it follows:
>
> echo '
>
> In what I've read and from many of the suggestions from this board, the 
> latter seems to be the better way to code, generally speaking.
>
> So given that the page has javascript in it, perhaps the reason for the 
> previous developer switching between the two was for ease of incorporating 
> JS? Don't really know... but what I would like to know is it considered 
> poor coding switch between the two on a single page or is it perfectly 
> acceptable?
>
> 2nd question, in the 3 lines below:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute 
> query");

You could always do:

$result1 = mysql_query("SELECT field FROM table WHERE fieldid =
$field_id", $connection) or die("Couldn't execute query");

a) I capped SQL verbs. Make it more readable :)
b) why make a variable just to throw it in the next line?
c) Make sure $field_id is truly an integer. If not, intval,
mysql_escape_string, something along those lines. Also put it in
single quotes if not an integer.
d) I left double quotes in the error, because it has a single quote
inside of it. The small micro-optimization performance you might get
is probably not worth the readability factor.

My general rules of thumb:

I use double quotes if:
a) I have single quotes inside the string
b) I need variables to be parsed
c) I need control characters like \n parsed

I use single quotes always:
a) For array indexes $foo['bar']
b) If I don't need variable parsing, control characters, etc. why not?

You'll get a minimal performance gain by using single quotes
everywhere in PHP where you don't -need- double quotes, but that's a
micro-optimization and there's probably more important things for you
to be doing.

For HTML, -always- use double quotes.

 is the right way.
 is the wrong way.

I'd go into more explanation but there simply doesn't need to be one.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Josh Kehn


On Aug 5, 2010, at 10:10 PM, Rick Dwyer wrote:

> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have 
> inherited a number of pages that I'm trying to clean up the w3c validation on.
> 
> Something that confuses me is how the code on the page is written where in 
> one instance, it follows this:
> 
> echo "
> 
> And elsewhere on the page it follows:
> 
> echo '
> 
> In what I've read and from many of the suggestions from this board, the 
> latter seems to be the better way to code, generally speaking.
> 
> So given that the page has javascript in it, perhaps the reason for the 
> previous developer switching between the two was for ease of incorporating 
> JS? Don't really know... but what I would like to know is it considered 
> poor coding switch between the two on a single page or is it perfectly 
> acceptable?
> 
> 2nd question, in the 3 lines below:
> 
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute 
> query");
> 
> 
> If I were to recode in the latter style, should they not look like this:
> 
> $_SESSION['newpage'] = $newpage;
> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute 
> query');
> 
> 
> The focus being here:
> 
> "'.$field_id.'"';
> ('Couldn\'t execute query')
> 
> Is this correct?
> 
> Thanks for the help.
> 
> --Rick
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
Rick-

It is generally accepted that you should use single quotes whenever possible. I 
only use double quotes when writing SQL queries (so I don't have to continually 
escape them for the single quotes) and when I need to output control characters 
like "\r" or "\n". 

It would be considered "best practice" to make consistent use of them, but it 
wouldn't be something I would loose sleep over.

Regards,

-Josh
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-15 Thread Thodoris







It is over head, but it caches the execution plan for multiple runs 
of the

script. So different users with different data will use the same cached
query on the database. Saving processing time. It also prevents SQL
injection on the fly because you are indicating what data type each 
place

holder will need to accept.


No, it's per session.

http://dev.mysql.com/doc/refman/5.0/en/sql-syntax-prepared-statements.html 



The scope of a prepared statement is the client session within which 
it is created. Other clients cannot see it.




Well he probably meant that the mysql server will cache the query and 
that is true. But I think that mysql uses the cache only if the query is 
the exact same...


So it does no good in this case.

--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Chris






It is over head, but it caches the execution plan for multiple runs of the
script. So different users with different data will use the same cached
query on the database. Saving processing time. It also prevents SQL
injection on the fly because you are indicating what data type each place
holder will need to accept.


No, it's per session.

http://dev.mysql.com/doc/refman/5.0/en/sql-syntax-prepared-statements.html

The scope of a prepared statement is the client session within which it 
is created. Other clients cannot see it.


--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Ashley Sheridan

On Wed, 2009-01-14 at 15:24 -0500, Frank Stanovcak wrote:
> "Ashley Sheridan"  wrote in message 
> news:1231962521.3613.13.ca...@localhost.localdomain...
> > On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote:
> >> Hello,
> >> I am trying to get the following to work:
> >> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
> >> Netid is a string type.
> >> No matter where of if I put the quotes, I still get array[phpCAS] not the
> >> value.
> >> If there is anything I still have trouble with after all these years its
> >> quoting variables.
> >> Help?
> >> Thanks
> >> Mike
> >>
> >>
> >>
> > I always go with this:
> >
> > "Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}'"
> >
> > The curly braces allow PHP to use the full variable you intended. Note
> > that you may need single quote marks around the text in each square
> > bracket block or PHP my give you a warning about an unintended string
> > literal.
> >
> >
> > Ash
> > www.ashleysheridan.co.uk
> >
> 
> even though it might have it's drawbacks I've never had a problem with 
> concat for sql statements.
> 
> $sqlstmt = "Select Netid from Users where Netid = '" . 
> $_SESSION['phpCAS']['user']} . "'";
> 
> 
> Frank
> 
> 
> 
That wont work, you forgot to take out the extra } at the end ;)


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Frank Stanovcak

"Ashley Sheridan"  wrote in message 
news:1231962521.3613.13.ca...@localhost.localdomain...
> On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote:
>> Hello,
>> I am trying to get the following to work:
>> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
>> Netid is a string type.
>> No matter where of if I put the quotes, I still get array[phpCAS] not the
>> value.
>> If there is anything I still have trouble with after all these years its
>> quoting variables.
>> Help?
>> Thanks
>> Mike
>>
>>
>>
> I always go with this:
>
> "Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}'"
>
> The curly braces allow PHP to use the full variable you intended. Note
> that you may need single quote marks around the text in each square
> bracket block or PHP my give you a warning about an unintended string
> literal.
>
>
> Ash
> www.ashleysheridan.co.uk
>

even though it might have it's drawbacks I've never had a problem with 
concat for sql statements.

$sqlstmt = "Select Netid from Users where Netid = '" . 
$_SESSION['phpCAS']['user']} . "'";


Frank



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Ashley Sheridan

On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote:
> Hello,
> I am trying to get the following to work:
> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
> Netid is a string type.
> No matter where of if I put the quotes, I still get array[phpCAS] not the 
> value.
> If there is anything I still have trouble with after all these years its 
> quoting variables.
> Help?
> Thanks
> Mike 
> 
> 
> 
I always go with this:

"Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}'"

The curly braces allow PHP to use the full variable you intended. Note
that you may need single quote marks around the text in each square
bracket block or PHP my give you a warning about an unintended string
literal.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Kyle Terry

On Wed, Jan 14, 2009 at 9:11 AM,  wrote:

>
> > Doesn't anybody use prepared statements these days? It even helps MySQL
> > AND Oracle cache an execution plan...
>
> Forgive me if I'm wrong, but:
>
> Caching an execution plan for a prepared statement that is run only once in
> the script is just overhead, no?
>
> Or can it actually re-use the same cached statement from a different
> connection by some magical matching up of the context??? Doesn't seem like
> the kind of thing that would be workable, but what do I know?
>
> Now if you said "... allows the DB to cold-stop any SQL injection" you'd be
> 100% right. :-)
>
> So MikeP should really consider using prepared statements for that reason,
> as it lets the DB do the escaping.
>
> PS
> I think MikeP is saying he writes the code once and gets it working, then
> goes back and adds the escaping in later.  This is fine if you ALWAYS
> remember to do that, but in a frenzy to release under pressure... Bad Idea!
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
It is over head, but it caches the execution plan for multiple runs of the
script. So different users with different data will use the same cached
query on the database. Saving processing time. It also prevents SQL
injection on the fly because you are indicating what data type each place
holder will need to accept.

-- 
Kyle Terry | www.kyleterry.com

Re: [PHP] Quotes in querys

2009-01-14 Thread ceo


> Doesn't anybody use prepared statements these days? It even helps MySQL

> AND Oracle cache an execution plan...



Forgive me if I'm wrong, but:



Caching an execution plan for a prepared statement that is run only once in the 
script is just overhead, no?



Or can it actually re-use the same cached statement from a different connection 
by some magical matching up of the context??? Doesn't seem like the kind of 
thing that would be workable, but what do I know?



Now if you said "... allows the DB to cold-stop any SQL injection" you'd be 
100% right. :-)



So MikeP should really consider using prepared statements for that reason, as 
it lets the DB do the escaping.



PS

I think MikeP is saying he writes the code once and gets it working, then goes 
back and adds the escaping in later.  This is fine if you ALWAYS remember to do 
that, but in a frenzy to release under pressure... Bad Idea!



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Kyle Terry

On Wed, Jan 14, 2009 at 8:41 AM, MikeP  wrote:

> Thanks, Thats the kind of help I was looking for.
> Mike
>  wrote in message
> news:20090114162142.65944.qm...@o2.hostbaby.com...
> >
> > You can only interpolate ONE level of array or object indirection in a
> > string.
> >
> > WORKS:
> > "... $foo[x] ..."
> > "... $foo->x ..."
> >
> > FAILS:
> > "... $foo[x][y] ..."
> > "... $foo->x->y ..." //almost for sure it fails, never tried...
> >
> > You can use curly braces in side a string to evaluate something:
> >
> > WORKS:
> > "... {$foo[x][y]} ..."
> > "... {$foo->x->y} ..."
> >
> > [soapbox]
> > I personally think this is possibly the ugliest wart of variable/string
> > interpolation.
> >
> > Not sure how/why it came about, but it makes zero sense, really...
> > [/soapbox]
> >
> > ymmv
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Doesn't anybody use prepared statements these days? It even helps MySQL AND
Oracle cache an execution plan...

-- 
Kyle Terry | www.kyleterry.com

Re: [PHP] Quotes in querys

2009-01-14 Thread MikeP

Thanks, Thats the kind of help I was looking for.
Mike
 wrote in message 
news:20090114162142.65944.qm...@o2.hostbaby.com...
>
> You can only interpolate ONE level of array or object indirection in a 
> string.
>
> WORKS:
> "... $foo[x] ..."
> "... $foo->x ..."
>
> FAILS:
> "... $foo[x][y] ..."
> "... $foo->x->y ..." //almost for sure it fails, never tried...
>
> You can use curly braces in side a string to evaluate something:
>
> WORKS:
> "... {$foo[x][y]} ..."
> "... {$foo->x->y} ..."
>
> [soapbox]
> I personally think this is possibly the ugliest wart of variable/string 
> interpolation.
>
> Not sure how/why it came about, but it makes zero sense, really...
> [/soapbox]
>
> ymmv
> 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Eric Butera

On Wed, Jan 14, 2009 at 11:34 AM, MikeP  wrote:
>
> ""Eric Butera""  wrote in message
> news:6a8639eb0901140825h1d603d01i3ffcce919dca6...@mail.gmail.com...
>> On Wed, Jan 14, 2009 at 11:17 AM, MikeP  wrote:
>>> Hello,
>>> I am trying to get the following to work:
>>> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
>>> Netid is a string type.
>>> No matter where of if I put the quotes, I still get array[phpCAS] not the
>>> value.
>>> If there is anything I still have trouble with after all these years its
>>> quoting variables.
>>> Help?
>>> Thanks
>>> Mike
>>>
>>>
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> Dude we just helped you with this same exact thing the other day.  And
>> you're still allowing SQL injection.
>
> No, actually I test my querys first and then wrap them in
> mysql_real_escape_string().
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Mike,

Well to be fair, I don't see any escaping in "Select Netid from Users
where Netid = '$_SESSION[phpCAS][user]'".  You could write:

$sql = sprintf(
"Select Netid from Users where Netid = '%s'",
mysql_real_escape_string($_SESSION['phpCAS']['user'])
);

and not have any of these problems.  If you're escaping outside of
that statement, then it's potentially tainting your data.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread MikeP


""Eric Butera""  wrote in message 
news:6a8639eb0901140825h1d603d01i3ffcce919dca6...@mail.gmail.com...
> On Wed, Jan 14, 2009 at 11:17 AM, MikeP  wrote:
>> Hello,
>> I am trying to get the following to work:
>> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
>> Netid is a string type.
>> No matter where of if I put the quotes, I still get array[phpCAS] not the
>> value.
>> If there is anything I still have trouble with after all these years its
>> quoting variables.
>> Help?
>> Thanks
>> Mike
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> Dude we just helped you with this same exact thing the other day.  And
> you're still allowing SQL injection.

No, actually I test my querys first and then wrap them in 
mysql_real_escape_string(). 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Eric Butera

On Wed, Jan 14, 2009 at 11:17 AM, MikeP  wrote:
> Hello,
> I am trying to get the following to work:
> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
> Netid is a string type.
> No matter where of if I put the quotes, I still get array[phpCAS] not the
> value.
> If there is anything I still have trouble with after all these years its
> quoting variables.
> Help?
> Thanks
> Mike
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Dude we just helped you with this same exact thing the other day.  And
you're still allowing SQL injection.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread ceo


You can only interpolate ONE level of array or object indirection in a string.



WORKS:

"... $foo[x] ..."

"... $foo->x ..."



FAILS:

"... $foo[x][y] ..."

"... $foo->x->y ..." //almost for sure it fails, never tried...



You can use curly braces in side a string to evaluate something:



WORKS:

"... {$foo[x][y]} ..."

"... {$foo->x->y} ..."



[soapbox]

I personally think this is possibly the ugliest wart of variable/string 
interpolation.



Not sure how/why it came about, but it makes zero sense, really...

[/soapbox]



ymmv



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes in querys

2009-01-14 Thread Robert Stankiewicz




I am trying to get the following to work:
"Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'"
Netid is a string type.
No matter where of if I put the quotes, I still get array[phpCAS] not the 
value.
  

Maybe try this :

$q = 'Select Netid from Users where Netid = "' . $_SESSION[phpCAS][user] . '"';





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Quotes?

2006-09-08 Thread Michelle Konzack

Am 2006-09-05 23:12:43, schrieb Gustav Wiberg:
> I want to save this to a string...
> 
>

Re: [PHP] Quotes?

2006-09-05 Thread J R


On 9/6/06, Gustav Wiberg <[EMAIL PROTECTED]> wrote:


I want to save this to a string...


var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new
String (Math.random()).substring (2, 11);
document.write('http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388";
target="_blank">');



How could i type?

I've tried with ' and ".. but can't get it to work.

tested diffrent types..
$str = '';



this should work.

$str = 'var uri = 'http://impse.tradedoubler.com/imp/js/16350344/1122503?' +

new String (Math.random()).substring (2, 11);';



$str .= 'var uri = \'http://impse.tradedoubler.com/imp/js/16350344/1122503?\'
+ new String (Math.random()).substring (2, 11);';

$str = ""document.write('charset="ISO-8859-1">');"";


$str .= "\"document.write('');\"";

$str = ;


$str .= "\"\"";

Best regards

/Gustav Wiberg
Stammis Internet

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



* use (.) dot to add another value to a string:
e.g.
$var = 'hello';
$var .= ' world';
echo $var;
// hello world
$var = 'foo' . ' bar';
echo $var;
// foo bar

* learn to escape character.


hth,

john

--
GMail Rocks!!!





Re: [PHP] Quotes?


2006-09-05

Thread
Dave Goodchild


Or use a heredoc?








--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk





Re: [PHP] Quotes?


2006-09-05

Thread
Martin Marques


On Tue, 5 Sep 2006, Gustav Wiberg wrote:


I want to save this to a string...


var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new 
String (Math.random()).substring (2, 11);
document.write('href="http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388"; 
target="_blank">');



How could i type?


Escape " and ', like this: \" and \'.

--
 21:50:04 up 2 days,  9:07,  0 users,  load average: 0.92, 0.37, 0.18
-
Lic. Martín Marqués |   SELECT 'mmarques' ||
Centro de Telemática|   '@' || 'unl.edu.ar';
Universidad Nacional|   DBA, Programador,
del Litoral |   Administrador
-
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Quotes """ in form textarea fields


2004-10-08

Thread
John Holmes

Andrew Kreps wrote:
I'd like to add that you can also use the following syntax for textarea fields:

which may also get you past the quoting problem.
You mean you can use:

unless you prefer depreciated code and cross site scripting 
vulnerabilities...

http://www.w3.org/TR/html4/interact/forms.html#input-control-types
http://www.w3.org/TR/html4/interact/forms.html#h-17.4
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] Quotes """ in form textarea fields


2004-10-08

Thread
Andrew Kreps

On Fri, 08 Oct 2004 06:22:22 -0700, Sam Smith <[EMAIL PROTECTED]> wrote:
> Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
> textarea field with:
> 

which may also get you past the quoting problem.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] Quotes """ in form textarea fields


2004-10-08

Thread
Jordi Canals

> A user enters in a textarea field of FORM1.php:
> Bob is "high"
> 
> Submitted to FROM2.php we get:
> 
> Bob is \"high\"
> 

Tha't's normal beacuse you have magic_quotes_gpc_on

> In a hidden field in FROM2.php we store the value:  
> Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
> textarea field with:
> 

Because of that the atribute value will end at the first closeing
quotes and will show only the string to that "closing" quotes.

You can solve this by using the htmlspecialchars() or htmlentities() functions:

$APParea1 = htmspecialchars(stripslashes($_POST['textarea']));

or can be done that other way:

$APParea1 = htmlentities(stripslashes($_POST['textarea']));

Choose one or other function depending of your needs.

Hope this helps.

Regards,
Jordi.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] Quotes """ in form textarea fields


2004-10-08

Thread
Marek Kilimajer

Sam Smith wrote:
I swear I googled for an hour first.
A user enters in a textarea field of FORM1.php:
Bob is "high"
Submitted to FROM2.php we get:
Bob is \"high\"
In a hidden field in FROM2.php we store the value: So it looks:
 (hope this is what you meant)
You forgot ending quote, but that does not matter now. You need to 
convert quotes and other special html chars to their html entities, 
using htmlentities() function

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] Quotes """ in form textarea fields


2004-10-08

Thread
Robby Russell

On Fri, 2004-10-08 at 06:22 -0700, Sam Smith wrote:
> I swear I googled for an hour first.
> 
> 
> A user enters in a textarea field of FORM1.php:
> Bob is "high"
> 
> Submitted to FROM2.php we get:
> 
> Bob is \"high\"
> 
> In a hidden field in FROM2.php we store the value:  
> Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
> textarea field with:
>  
> and then back by putting this in FORM1.php:
> $APParea1 = $_POST['hidden'];
> $APParea1 = str_replace("[QT]","\"",$APParea1);
> 
> 
signature.asc
Description: This is a digitally signed message part





Re: [PHP] quotes in text.


2004-07-16

Thread
Matt M.

> Ok then, I want to know how to do it the right way but just using
> $_POST['text'], as stated before, in my query still cuts off the text at
> the quote.
> 
> While passing this field between pages I don't do anything to it but when
> I want to show it to the user I would use stripslashes($_POST['text']). Is
> this the correct way to make sure my quotes get passed into the database?


First I would turn off magic_quotes_gpc.  I would use sessions to pass
the data from step 1 to the end, much easier imho than messing around
with hidden fields.  When you store the data in the database use make
sure you escape it, when you redisplay it, use the htmlentities
function.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in text.


2004-07-16

Thread
Ed Curtis



On Fri, 16 Jul 2004, John W. Holmes wrote:

> Ed Curtis wrote:
> > On Fri, 16 Jul 2004, Justin Patrin wrote:
> >>This is why he said: "Since you seem to have magic_quotes_gpc enabled,
> >>you can put the value directly into your query."
> >>
> >>You shouldn't use htmlentities when putting it into the DB. Use it
> >>when displaying the text.
> >
> >  I tried it both ways and it only works correctly when I do use
> > htmlentities($_POST['text']) in my insert query. I'm not showing the text
> > to the user on page 3 at all.
>
> Well, if you're happy with it "just working" and not knowing why or how
> it's going to break in the future... have fun.
>

Ok then, I want to know how to do it the right way but just using
$_POST['text'], as stated before, in my query still cuts off the text at
the quote.

While passing this field between pages I don't do anything to it but when
I want to show it to the user I would use stripslashes($_POST['text']). Is
this the correct way to make sure my quotes get passed into the database?

Ed

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in text.


2004-07-16

Thread
John W. Holmes

Ed Curtis wrote:
On Fri, 16 Jul 2004, Justin Patrin wrote:
This is why he said: "Since you seem to have magic_quotes_gpc enabled,
you can put the value directly into your query."
You shouldn't use htmlentities when putting it into the DB. Use it
when displaying the text.
 I tried it both ways and it only works correctly when I do use
htmlentities($_POST['text']) in my insert query. I'm not showing the text
to the user on page 3 at all.
Well, if you're happy with it "just working" and not knowing why or how 
it's going to break in the future... have fun.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes in text.


2004-07-16

Thread
Ed Curtis


On Fri, 16 Jul 2004, Justin Patrin wrote:

> This is why he said: "Since you seem to have magic_quotes_gpc enabled,
> you can put the value directly into your query."
>
> You shouldn't use htmlentities when putting it into the DB. Use it
> when displaying the text.

 I tried it both ways and it only works correctly when I do use
htmlentities($_POST['text']) in my insert query. I'm not showing the text
to the user on page 3 at all.

Ed

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in text.


2004-07-16

Thread
Justin Patrin

On Fri, 16 Jul 2004 11:58:55 -0500 (EST), Ed Curtis <[EMAIL PROTECTED]> wrote:
> 
> 
> 
> On Fri, 16 Jul 2004, John W. Holmes wrote:
> 
> > Let's say you have $_POST['text'] from the user.
> >
> > To display the value back to the user with magic_quotes_enabled, you'd
> > do this:
> >
> > echo htmlentities(stripslashes($_POST['text']));
> >
> > To put the value into a hidden form element, you'd do this:
> >
> >  > value="">
> >
> > Now, $_POST['text'] will come out correctly on Page 3. Since you seem to
> > have magic_quotes_gpc enabled, you can put the value directly into your
> > query.
> 
> Actually when I tried the above example nothing was entered into the
> database. This worked.. htmlentities($_POST['text']).
> 

This is why he said: "Since you seem to have magic_quotes_gpc enabled,
you can put the value directly into your query."

You shouldn't use htmlentities when putting it into the DB. Use it
when displaying the text.

-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in text.


2004-07-16

Thread
Ed Curtis




On Fri, 16 Jul 2004, John W. Holmes wrote:

> Let's say you have $_POST['text'] from the user.
>
> To display the value back to the user with magic_quotes_enabled, you'd
> do this:
>
> echo htmlentities(stripslashes($_POST['text']));
>
> To put the value into a hidden form element, you'd do this:
>
>  value="">
>
> Now, $_POST['text'] will come out correctly on Page 3. Since you seem to
> have magic_quotes_gpc enabled, you can put the value directly into your
> query.

Actually when I tried the above example nothing was entered into the
database. This worked.. htmlentities($_POST['text']).

Thanks,

Ed

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in text.


2004-07-16

Thread
John W. Holmes

Ed Curtis wrote:
I'm having some difficulty with quotation marks, both single and double,
input via a textarea in a form.
Here's and example of text.
Trying out the "Special Character" thing.
Page 1 is the form.
Page 2 is the data shown back to the user.
original POST data is not touched. NO stripslashes
original typed text is show to the user by stripslashes($thistext)
original POST data is transferred to next page via hidden input field
without stripping slashes.
Page 3 posts the data to a MySQL database.
original POST data is not touched. No stipslashes.
Text gets cut off in database (Trying out the)
What exactly do I need to do to the text so that any quotation marks
(single or double) get input into the database.
Let's say you have $_POST['text'] from the user.
To display the value back to the user with magic_quotes_enabled, you'd 
do this:

echo htmlentities(stripslashes($_POST['text']));
To put the value into a hidden form element, you'd do this:


Now, $_POST['text'] will come out correctly on Page 3. Since you seem to 
have magic_quotes_gpc enabled, you can put the value directly into your 
query.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes in php.ini


2003-10-29

Thread
- Edwin -

On Tue, 28 Oct 2003 22:28:12 -0800
Evan Nemerson <[EMAIL PROTECTED]> wrote:

> On Wednesday 29 October 2003 12:30 am, - Edwin - wrote:
> > On Tue, 28 Oct 2003 22:05:56 -0800
> >
> > Evan Nemerson <[EMAIL PROTECTED]> wrote:
> > > On Tuesday 28 October 2003 11:59 pm, - Edwin - wrote:
> > > > Hi,
> > > >
> > > > On Wed, 29 Oct 2003 02:10:49 -0500
> > > >
> > > > Leif K-Brooks <[EMAIL PROTECTED]> wrote:
> > > > > Curt Zirzow wrote:
> > > > > >Try reversing the quotes:
> > > > > > error_prepend_string = "";
> > > > >
> > > > > Not valid XHTML (not sure if it's even valid HTML).
> > > >
> > > > Why not?
> > >
> > > Because W3C says so. The closest thing I found to an
> > > answer is http://www.w3.org/TR/xhtml1/#h-4.4 although I
> > > really didn't dig deeply. validator.w3.org doesn't like
> > > it, tidy doesn't like it. Opera doesn't like it.
> >
> > What "it"?
> 
> The it we're talking about- an HTML entity masquerading as
> a quote around an attribute.
> >

?? Look up again and you'll see the Curt was talking about
"reversing the quotes" and nothing about "entity
masqueraders" ;)

- E -
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
- Edwin -

On Wed, 29 Oct 2003 03:29:13 -0500
Leif K-Brooks <[EMAIL PROTECTED]> wrote:

> - Edwin - wrote:
> 
> >Interesting. Where?
> >  
> >
> www.w3.org

? Sorry, *won't* find it there...

In fact, a quick Google search gives you this:

  http://www.w3.org/TR/REC-html32

[quote]
Attribute values can be quoted using double or single quote
marks (ASCII decimal 34 and 39 respectively). Single quote
marks can be included within the attribute value when the
value is delimited by double quote marks, and vice versa.
[/quote]

Similar info can be found here:

  http://www.w3.org/TR/html401/html40.txt

I'm sure the above applies to XHTML as well. Curt pointed
this out earlier and, yes, using 'single quotes' (which is
what this portion of this thread is all about) is valid
(X)HTML. In fact, it even validates as XHTML "Strict".

- E -
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Curt Zirzow

* Thus wrote Leif K-Brooks ([EMAIL PROTECTED]):
> Curt Zirzow wrote:
> 
> >Try reversing the quotes:
> >error_prepend_string = "";
> > 
> >
> Not valid XHTML (not sure if it's even valid HTML).

Sure it is, the quote character can be either ' or " and will
validate perfectly fine at w3c. now the font tag, thats a whole
different issue.

http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>


validate this


perfectly fine




Curt
-- 
"My PHP key is worn out"

  PHP List stats since 1997: 
http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Evan Nemerson

On Wednesday 29 October 2003 12:30 am, - Edwin - wrote:
> On Tue, 28 Oct 2003 22:05:56 -0800
>
> Evan Nemerson <[EMAIL PROTECTED]> wrote:
> > On Tuesday 28 October 2003 11:59 pm, - Edwin - wrote:
> > > Hi,
> > >
> > > On Wed, 29 Oct 2003 02:10:49 -0500
> > >
> > > Leif K-Brooks <[EMAIL PROTECTED]> wrote:
> > > > Curt Zirzow wrote:
> > > > >Try reversing the quotes:
> > > > > error_prepend_string = "";
> > > >
> > > > Not valid XHTML (not sure if it's even valid HTML).
> > >
> > > Why not?
> >
> > Because W3C says so. The closest thing I found to an answer
> > is http://www.w3.org/TR/xhtml1/#h-4.4 although I really
> > didn't dig deeply. validator.w3.org doesn't like it, tidy
> > doesn't like it. Opera doesn't like it.
>
> What "it"?

The it we're talking about- an HTML entity masquerading as a quote around an 
attribute.
>
> - E -
>
> ...[snip]...
> __
> Do You Yahoo!?
> Yahoo! BB is Broadband by Yahoo!
> http://bb.yahoo.co.jp/

-- 
Evan Nemerson
[EMAIL PROTECTED]

--
"There is a certain right by which we may deprive a man of life, but none by 
which we may deprive him of death."

-Nietzsche

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Leif K-Brooks

- Edwin - wrote:

Interesting. Where?
 

www.w3.org

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes in php.ini


2003-10-29

Thread
- Edwin -

On Tue, 28 Oct 2003 22:05:56 -0800
Evan Nemerson <[EMAIL PROTECTED]> wrote:

> On Tuesday 28 October 2003 11:59 pm, - Edwin - wrote:
> > Hi,
> >
> > On Wed, 29 Oct 2003 02:10:49 -0500
> >
> > Leif K-Brooks <[EMAIL PROTECTED]> wrote:
> > > Curt Zirzow wrote:
> > > >Try reversing the quotes:
> > > > error_prepend_string = "";
> > >
> > > Not valid XHTML (not sure if it's even valid HTML).
> >
> > Why not?
> 
> Because W3C says so. The closest thing I found to an answer
> is http://www.w3.org/TR/xhtml1/#h-4.4 although I really
> didn't dig deeply. validator.w3.org doesn't like it, tidy
> doesn't like it. Opera doesn't like it.

What "it"?

- E -

...[snip]...
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
- Edwin -

On Wed, 29 Oct 2003 03:22:54 -0500
Leif K-Brooks <[EMAIL PROTECTED]> wrote:

> - Edwin - wrote:
> 
> >Why not?
> >  
> >
> Because that's what the standard says.

Interesting. Where?

- E -
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Leif K-Brooks

- Edwin - wrote:

Why not?
 

Because that's what the standard says.

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes in php.ini


2003-10-29

Thread
Evan Nemerson

On Tuesday 28 October 2003 11:59 pm, - Edwin - wrote:
> Hi,
>
> On Wed, 29 Oct 2003 02:10:49 -0500
>
> Leif K-Brooks <[EMAIL PROTECTED]> wrote:
> > Curt Zirzow wrote:
> > >Try reversing the quotes:
> > > error_prepend_string = "";
> >
> > Not valid XHTML (not sure if it's even valid HTML).
>
> Why not?

Because W3C says so. The closest thing I found to an answer is 
http://www.w3.org/TR/xhtml1/#h-4.4 although I really didn't dig deeply. 
validator.w3.org doesn't like it, tidy doesn't like it. Opera doesn't like 
it. I don't have IE, and am too lazy to boot up a gecko-powered browser. Even 
if it _is_ valid (which I really don't think is the case), it's not usable. I 
sincerely doubt any parsers will figure it out.
>
> - E -
> __
> Do You Yahoo!?
> Yahoo! BB is Broadband by Yahoo!
> http://bb.yahoo.co.jp/

-- 
Evan Nemerson
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
- Edwin -

Hi,

On Wed, 29 Oct 2003 02:10:49 -0500
Leif K-Brooks <[EMAIL PROTECTED]> wrote:

> Curt Zirzow wrote:
> 
> >Try reversing the quotes:
> > error_prepend_string = "";
> >  
> >
> Not valid XHTML (not sure if it's even valid HTML).

Why not?

- E -
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Evan Nemerson

On Tuesday 28 October 2003 10:46 pm, [EMAIL PROTECTED] wrote:
> Evan Nemerson wrote:
> >Is anyone aware of a way to get double quotes in the php.ini file? For
> >instance, I'd like to be able to set error_prepend_string to " >color=\"#ff\">" (which doesn't work).
> >
> >The only work-around I can think of is doing ini_set()'s in an
> >auto_prepend_file, and that's not acceptable for my purposes.
>
> Try using  "  to replace double quote

Not valid (X)HTML, but it gets past the lexer.

-- 
Evan Nemerson
[EMAIL PROTECTED]

--
"A popular government, without popular information, or the means of acquiring 
it, is but a Prologue to a Farce or a Tragedy - or perhaps both. Knowledge 
will forever govern ignorance, and a people who mean to be their own 
Governors must arm themselves with the power which knowledge gives."

-James Madison

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Evan Nemerson

On Tuesday 28 October 2003 11:10 pm, Leif K-Brooks wrote:
> Curt Zirzow wrote:
> >Try reversing the quotes:
> > error_prepend_string = "";
>
> Not valid XHTML (not sure if it's even valid HTML).

Yup. I've got the highlight_file thing from earlier working with ini entries, 
and I'm wondering how people are going to specify colour. I've even checked 
on HTML entities...

Just trying to cover my bases before I send to internals@

Any other ideas?

-- 
Evan Nemerson
[EMAIL PROTECTED]

--
"A popular government, without popular information, or the means of acquiring 
it, is but a Prologue to a Farce or a Tragedy - or perhaps both. Knowledge 
will forever govern ignorance, and a people who mean to be their own 
Governors must arm themselves with the power which knowledge gives."

-James Madison

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-29

Thread
Leif K-Brooks

Curt Zirzow wrote:

Try reversing the quotes:
error_prepend_string = "";
 

Not valid XHTML (not sure if it's even valid HTML).

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes in php.ini


2003-10-29

Thread
Curt Zirzow

* Thus wrote Evan Nemerson ([EMAIL PROTECTED]):
> On Tuesday 28 October 2003 11:29 pm, Rolf Brusletto wrote:
> > Evan Nemerson wrote:
> > >Is anyone aware of a way to get double quotes in the php.ini file? For
> > >instance, I'd like to be able to set error_prepend_string to " > >color=\"#ff\">" (which doesn't work).
> > >
> > >The only work-around I can think of is doing ini_set()'s in an
> > >auto_prepend_file, and that's not acceptable for my purposes.
> >
> > Why not use single quotes around the actual setting.. i.e.
> 
> Because I get a parse error. Does it work for you? If so, what version of PHP 
> are you using???

Try reversing the quotes:
 error_prepend_string = "";


Curt
-- 
"My PHP key is worn out"

  PHP List stats since 1997: 
http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-28

Thread
Evan Nemerson

On Tuesday 28 October 2003 11:29 pm, Rolf Brusletto wrote:
> Evan Nemerson wrote:
> >Is anyone aware of a way to get double quotes in the php.ini file? For
> >instance, I'd like to be able to set error_prepend_string to " >color=\"#ff\">" (which doesn't work).
> >
> >The only work-around I can think of is doing ini_set()'s in an
> >auto_prepend_file, and that's not acceptable for my purposes.
>
> Why not use single quotes around the actual setting.. i.e.

Because I get a parse error. Does it work for you? If so, what version of PHP 
are you using???
>
> error_prepend_string = '';
>
> Rolf Brusletto
> www.phpexamples.net

-- 
Evan Nemerson
[EMAIL PROTECTED]

--
"If anyone can show me, and prove to me, that I am wrong in thought or deed, I 
will gladly change. I seek the truth, which never yet hurt anybody. It is 
only persistence in self-delusion and ignorance which does harm."

-Marcus Aurelius

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-28

Thread
ary . p . wibowo

Evan Nemerson wrote:

>Is anyone aware of a way to get double quotes in the php.ini file? For 
>instance, I'd like to be able to set error_prepend_string to "color=\"#ff\">" (which doesn't work).
>
>The only work-around I can think of is doing ini_set()'s in an 
>auto_prepend_file, and that's not acceptable for my purposes.
>
>

Try using  "  to replace double quote

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes in php.ini


2003-10-28

Thread
Rolf Brusletto

Evan Nemerson wrote:

Is anyone aware of a way to get double quotes in the php.ini file? For 
instance, I'd like to be able to set error_prepend_string to "" (which doesn't work).

The only work-around I can think of is doing ini_set()'s in an 
auto_prepend_file, and that's not acceptable for my purposes.



 

Why not use single quotes around the actual setting.. i.e.

error_prepend_string = '';

Rolf Brusletto
www.phpexamples.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] Quotes in regular expressions


2003-08-21

Thread
Scott Fletcher

That may be why!  It's the htmlspecialchars() that is the issue..  The
signle quote get convert into this, not sure if this apply to your situation
though.

--snip--

Reference : Special Characters in HTML
  left single quote   ‘ '
  right single quote   ’ '


--snip--

"Thaddeus J. Quintin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> The biggest part of my problem was that I had already called
> "htmlspecialchars" on the string, so there was no quotes to match!
>
> Duh.
>
> Even after I fixed that it was still turning into a hassle, so I just
> made two checks, one for single quotes, and, failing that, one for
> double quotes.
>
> not the prettiest answer, but I put good comments around it!
>
> Thaddeus
>
> Scott Fletcher wrote:
>
> > Try parsing it as a string where the double quote would become a string.
> > See if that help.  (Parse the whole characters into strings then find
the
> > double quote.)
> >
> > "Thaddeus J. Quintin" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> >
> >>-- SNIP --
> >> > If single-quoting (better, if you don't variable interpolation) you
> >>don't even need to escape the backslashes, so:
> >> >
> >> > $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
> >>-- SNIP --
> >>
> >>nope, not quite...
> >>Here's what I've got-
> >>
> >>$pattern='/\bsrc=([\'|"])([^\1])*[\1]/im';
> >>
> >>the string that's coming in is-
> >>http://www.mydomain.net/templates/images/somepicture.gif";
> >>ALT="letter" BORDER="0" ALIGN="CENTER">
> >>
> >>That's no newline or anything like that within the code (even with the
> >>'m' option, i've had previous problems with that before), and I can
> >>simplify the expression and grab everything including the quotes, so I'm
> >>really not sure what's failing.
> >>
> >>Thanks-
> >>Thaddeus
> >>
> >>Ford, Mike [LSS] wrote:
> >>
> >>
> >>>On 21 August 2003 17:03, Thaddeus J. Quintin wrote:
> >>>
> >>>
> >>>
> Lets say I'm trying to extract some data from an HTML
> document.  I want
> to get the values of the 'src' attributes of various tags.
> 
> For example-
> http://www.yahoo.com";>
> 
> here's the pattern I've been trying-
> 
> /\bsrc=(['|"])[^\\1]*[\\1]/im
> 
> Basically, match the 'src=' followed by some type of quote, followed
> by stuff that's not the quote originally matched, followed by
> the same quote.
> 
> But, obviously, I can't run this, because the quotes in the pattern
> close off the string I'm trying to create.
> 
> Are there ways of working with quotes?
> >>>
> >>>
> >>>Just escape the quote like you've escaped the backslashes.
> >>>
> >>>If double-quoting:
> >>>
> >>>$pattern = "/\bsrc=(['|\"])[^\\1]*[\\1]/im";
> >>>
> >>>If single-quoting (better, if you don't variable interpolation) you
> >
> > don't even need to escape the backslashes, so:
> >
> >>>$pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
> >>>
> >>>Cheers!
> >>>
> >>>Mike
> >>>
> >>>-
> >>>Mike Ford,  Electronic Information Services Adviser,
> >>>Learning Support Services, Learning & Information Services,
> >>>JG125, James Graham Building, Leeds Metropolitan University,
> >>>Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
> >>>Email: [EMAIL PROTECTED]
> >>>Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211
> >>>
> >>
> >
> >
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] Quotes in regular expressions


2003-08-21

Thread
Thaddeus J. Quintin

The biggest part of my problem was that I had already called 
"htmlspecialchars" on the string, so there was no quotes to match!

Duh.

Even after I fixed that it was still turning into a hassle, so I just 
made two checks, one for single quotes, and, failing that, one for 
double quotes.

not the prettiest answer, but I put good comments around it!

Thaddeus

Scott Fletcher wrote:

Try parsing it as a string where the double quote would become a string.
See if that help.  (Parse the whole characters into strings then find the
double quote.)
"Thaddeus J. Quintin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
-- SNIP --
> If single-quoting (better, if you don't variable interpolation) you
don't even need to escape the backslashes, so:
>
> $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
-- SNIP --
nope, not quite...
Here's what I've got-
$pattern='/\bsrc=([\'|"])([^\1])*[\1]/im';

the string that's coming in is-
http://www.mydomain.net/templates/images/somepicture.gif";
ALT="letter" BORDER="0" ALIGN="CENTER">
That's no newline or anything like that within the code (even with the
'm' option, i've had previous problems with that before), and I can
simplify the expression and grab everything including the quotes, so I'm
really not sure what's failing.
Thanks-
Thaddeus
Ford, Mike [LSS] wrote:


On 21 August 2003 17:03, Thaddeus J. Quintin wrote:



Lets say I'm trying to extract some data from an HTML
document.  I want
to get the values of the 'src' attributes of various tags.
For example-
http://www.yahoo.com";>
here's the pattern I've been trying-

/\bsrc=(['|"])[^\\1]*[\\1]/im

Basically, match the 'src=' followed by some type of quote, followed
by stuff that's not the quote originally matched, followed by
the same quote.
But, obviously, I can't run this, because the quotes in the pattern
close off the string I'm trying to create.
Are there ways of working with quotes?


Just escape the quote like you've escaped the backslashes.

If double-quoting:

   $pattern = "/\bsrc=(['|\"])[^\\1]*[\\1]/im";

If single-quoting (better, if you don't variable interpolation) you
don't even need to escape the backslashes, so:

   $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] Quotes in regular expressions


2003-08-21

Thread
Scott Fletcher

Try parsing it as a string where the double quote would become a string.
See if that help.  (Parse the whole characters into strings then find the
double quote.)

"Thaddeus J. Quintin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> -- SNIP --
>  > If single-quoting (better, if you don't variable interpolation) you
> don't even need to escape the backslashes, so:
>  >
>  > $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
> -- SNIP --
>
> nope, not quite...
> Here's what I've got-
>
> $pattern='/\bsrc=([\'|"])([^\1])*[\1]/im';
>
> the string that's coming in is-
> http://www.mydomain.net/templates/images/somepicture.gif";
> ALT="letter" BORDER="0" ALIGN="CENTER">
>
> That's no newline or anything like that within the code (even with the
> 'm' option, i've had previous problems with that before), and I can
> simplify the expression and grab everything including the quotes, so I'm
> really not sure what's failing.
>
> Thanks-
> Thaddeus
>
> Ford, Mike [LSS] wrote:
>
> > On 21 August 2003 17:03, Thaddeus J. Quintin wrote:
> >
> >
> >>Lets say I'm trying to extract some data from an HTML
> >>document.  I want
> >>to get the values of the 'src' attributes of various tags.
> >>
> >>For example-
> >>http://www.yahoo.com";>
> >>
> >>here's the pattern I've been trying-
> >>
> >>/\bsrc=(['|"])[^\\1]*[\\1]/im
> >>
> >>Basically, match the 'src=' followed by some type of quote, followed
> >>by stuff that's not the quote originally matched, followed by
> >>the same quote.
> >>
> >>But, obviously, I can't run this, because the quotes in the pattern
> >>close off the string I'm trying to create.
> >>
> >>Are there ways of working with quotes?
> >
> >
> > Just escape the quote like you've escaped the backslashes.
> >
> > If double-quoting:
> >
> > $pattern = "/\bsrc=(['|\"])[^\\1]*[\\1]/im";
> >
> > If single-quoting (better, if you don't variable interpolation) you
don't even need to escape the backslashes, so:
> >
> > $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
> >
> > Cheers!
> >
> > Mike
> >
> > -
> > Mike Ford,  Electronic Information Services Adviser,
> > Learning Support Services, Learning & Information Services,
> > JG125, James Graham Building, Leeds Metropolitan University,
> > Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
> > Email: [EMAIL PROTECTED]
> > Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] Quotes in regular expressions


2003-08-21

Thread
Thaddeus J. Quintin

-- SNIP --
> If single-quoting (better, if you don't variable interpolation) you 
don't even need to escape the backslashes, so:
>
> $pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';
-- SNIP --

nope, not quite...
Here's what I've got-
$pattern='/\bsrc=([\'|"])([^\1])*[\1]/im';

the string that's coming in is-
http://www.mydomain.net/templates/images/somepicture.gif"; 
ALT="letter" BORDER="0" ALIGN="CENTER">

That's no newline or anything like that within the code (even with the 
'm' option, i've had previous problems with that before), and I can 
simplify the expression and grab everything including the quotes, so I'm 
really not sure what's failing.

Thanks-
Thaddeus
Ford, Mike [LSS] wrote:

On 21 August 2003 17:03, Thaddeus J. Quintin wrote:


Lets say I'm trying to extract some data from an HTML
document.  I want
to get the values of the 'src' attributes of various tags.
For example-
http://www.yahoo.com";>
here's the pattern I've been trying-

/\bsrc=(['|"])[^\\1]*[\\1]/im

Basically, match the 'src=' followed by some type of quote, followed
by stuff that's not the quote originally matched, followed by
the same quote.
But, obviously, I can't run this, because the quotes in the pattern
close off the string I'm trying to create.
Are there ways of working with quotes?


Just escape the quote like you've escaped the backslashes.

If double-quoting:

$pattern = "/\bsrc=(['|\"])[^\\1]*[\\1]/im";

If single-quoting (better, if you don't variable interpolation) you don't even need to escape the backslashes, so:

$pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





RE: [PHP] Quotes in regular expressions


2003-08-21

Thread
Ford, Mike               [LSS]

On 21 August 2003 17:03, Thaddeus J. Quintin wrote:

> Lets say I'm trying to extract some data from an HTML
> document.  I want
> to get the values of the 'src' attributes of various tags.
> 
> For example-
> http://www.yahoo.com";>
> 
> here's the pattern I've been trying-
> 
> /\bsrc=(['|"])[^\\1]*[\\1]/im
> 
> Basically, match the 'src=' followed by some type of quote, followed
> by stuff that's not the quote originally matched, followed by
> the same quote.
> 
> But, obviously, I can't run this, because the quotes in the pattern
> close off the string I'm trying to create.
> 
> Are there ways of working with quotes?

Just escape the quote like you've escaped the backslashes.

If double-quoting:

$pattern = "/\bsrc=(['|\"])[^\\1]*[\\1]/im";

If single-quoting (better, if you don't variable interpolation) you don't even need to 
escape the backslashes, so:

$pattern = '/\bsrc=([\'|"])[^\1]*[\1]/im';

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






RE: [PHP] quotes


2003-06-26

Thread
Ford, Mike               [LSS]

> -Original Message-
> From: Lso . [mailto:[EMAIL PROTECTED]
> Sent: 25 June 2003 18:32
> 
> ok i see why i didnt work but i dont know why.
> 
> can anyone tell me why this works:
> 
>
> 
> but this doesn't:
> 
> echo "";

Because by default htmlentities will convert double quotes but not single ones -- if 
you convert the second one to use double quotes in the HTML (like the first one), it 
should work:

   echo '';

Or you could use the optional 2nd parameter to htmlentities to make it convert single 
quotes as well -- the following is a quote from the manual page at 
http://www.php.net/htmlentities:

> the optional second quote_style parameter lets you define what will
> be done with 'single' and "double" quotes. It takes on one of three
> constants with the default being ENT_COMPAT: 
>
> Constant Name   Description 
> ENT_COMPAT  Will convert double-quotes and leave single-quotes
> alone. 
> ENT_QUOTES  Will convert both double and single quotes. 
> ENT_NOQUOTESWill leave both double and single quotes unconverted.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Chris Sherwood

LOL my mistake jason I should have paid more attention


- Original Message -
From: "Jason Wong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 12:26 PM
Subject: Re: [PHP] quotes


> On Thursday 26 June 2003 01:33, Chris Sherwood wrote:
>
> > I dont know what you were thinking but this is in a php list
> >
> > when you render html with php and you want double quotes in the html you
> > MUST escape them
> >
> > otherwise you dont use double quotes
>
> Sorry, it was the context of the thing:
>
> > > > > > ie input type=\"text\"
>
> As that snippet was on its own without any preceeding echo or print
statement
> I had assumed that that was plain HTML.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> --
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Jason Wong

On Thursday 26 June 2003 01:33, Chris Sherwood wrote:

> I dont know what you were thinking but this is in a php list
>
> when you render html with php and you want double quotes in the html you
> MUST escape them
>
> otherwise you dont use double quotes

Sorry, it was the context of the thing:

> > > > > ie input type=\"text\"

As that snippet was on its own without any preceeding echo or print statement 
I had assumed that that was plain HTML.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Chris Shiflett

--- "Lso ." <[EMAIL PROTECTED]> wrote:
> ok i see why i didnt work but i dont know why.
> 
> can anyone tell me why this works:
> 
> 
> 
> but this doesn't:
> 
> echo "";

It works for me, at least it does what I think you mean it to do. I'm not a big
fan of single-quoted attributes in HTML, but it should be fine. What doesn't
work for you?

Chris

=
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Chris Sherwood

Jason

I dont know what you were thinking but this is in a php list

when you render html with php and you want double quotes in the html you
MUST escape them

otherwise you dont use double quotes

- Original Message -
From: "Jason Wong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 9:58 AM
Subject: Re: [PHP] quotes


> On Thursday 26 June 2003 00:02, Chris Sherwood wrote:
> > well thats seems unlikely as I do it all the time..
> >
> > how ever I am not going to argue p's and q's ...
> > if it doesnt work for him it doesnt work
> >
> > - Original Message -
> > From: "Adam Voigt" <[EMAIL PROTECTED]>
> > To: "Chris Sherwood" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 25, 2003 9:04 AM
> > Subject: Re: [PHP] quotes
> >
> > > Umm, in his first email, he specifically said all the quotes
> > > were already escaped with slashes and it didn't help.
> > >
> > > On Wed, 2003-06-25 at 11:50, Chris Sherwood wrote:
> > > > or you would escape the quote by putting a \ in front of it that way
> > > > the engine knows to "write" the quote.
> > > >
> > > > ie input type=\"text\"
>
> HTML doesn't need (indeed, want) slashes in front of quotes.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> --
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Lso .

im stupid.  it works.  so sorry.  htmlentities did the trick.  i had a chunk 
of code lingering from a former attempt at fixing it that screwed it all up. 
 thanks again everyone.

Lucas

_
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Matt Matijevich

When you view the html source is all of the text including the quotes there?

>>> "Lso ." <[EMAIL PROTECTED]> 06/25/03 12:06PM >>>
go ahead an try it.  the quote is quite clearly in the database, but when i 
try to put it back in a form field everything is cut off after the quote. 
and i tried stripslashed, and htmlentities, and htmlspecialchars.  i would 
turn magic quotes on, but im afaid it might mess something else up.  there 
is too much stuff running on this serever to take that risk.

Lucas Owens
www.lucasowens.com 
www.technoiraudio.com 





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Lso .

here ya go:


function dbconnect(){
$dbh=mysql_connect ("**", "**", "**") or die ('I cannot connect 
to the database because: ' . mysql_error());
mysql_select_db ("**");
}

$dbname = "***";
$urlname = "parteditlists.php";
function drawtable2($id, $company, $division, $contact, $address1, $city, 
$state, $zip, $voice, $fax, $email, $dbname, $urlname){
echo "



  
  
 company
 division
 contact
 address
 city


 editdelete
  {$company}
  {$division}
  {$contact}
  {$address1}
  {$city}


  
 state
 zip
 voice
 fax
 email


  {$state}
  {$zip}
  {$voice}
  {$fax}
  {$email}


";
}

?>


New York One Call - Participating Members Administration Page




New York One CallParticipating Members List Add 
Form.



 
  Company Name:
  
 
 
  Company Division:
  
 
 
  Contact Name:
  
 
 
  Address:
  
 
 
  City:
  
 
 
  State:
  
 
 
  Zip:
  
 
 
  Voice Number:
  
 
 
  Fax Number:
  
 
 
  Email:
  
 
 
   
  
 



http://www.nycli1calldsi.com/lists/partmemtest.php"; 
target="_blank">Display the Participating Members page.

New York One CallParticipating Members List Edit 
Form.

 

 dbconnect();

 $query = "SELECT * FROM {$dbname} ORDER BY company";
 $result = mysql_query( $query )
  or die ( "MySQL Error - " . mysql_errno() . ": " . mysql_error() );
 $numresult = mysql_num_rows($result);
 for($i=0; $i<$numresult; $i++){
  $row = mysql_fetch_array($result);
  drawtable2($row['id'], $row['company'], $row['division'], 
$row['contact'], $row['address1'], $row['city'], $row['state'], $row['zip'], 
$row['voice'], $row['fax'], $row['email'], $dbname, $urlname);
 }

?>



_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Lso .

go ahead an try it.  the quote is quite clearly in the database, but when i 
try to put it back in a form field everything is cut off after the quote. 
and i tried stripslashed, and htmlentities, and htmlspecialchars.  i would 
turn magic quotes on, but im afaid it might mess something else up.  there 
is too much stuff running on this serever to take that risk.

Lucas Owens
www.lucasowens.com
www.technoiraudio.com



From: Jason Wong <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [PHP] quotes
Date: Thu, 26 Jun 2003 00:58:40 +0800
On Thursday 26 June 2003 00:02, Chris Sherwood wrote:
> well thats seems unlikely as I do it all the time..
>
> how ever I am not going to argue p's and q's ...
> if it doesnt work for him it doesnt work
>
> - Original Message -
> From: "Adam Voigt" <[EMAIL PROTECTED]>
> To: "Chris Sherwood" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 25, 2003 9:04 AM
> Subject: Re: [PHP] quotes
>
> > Umm, in his first email, he specifically said all the quotes
> > were already escaped with slashes and it didn't help.
> >
> > On Wed, 2003-06-25 at 11:50, Chris Sherwood wrote:
> > > or you would escape the quote by putting a \ in front of it that way
> > > the engine knows to "write" the quote.
> > >
> > > ie input type=\"text\"
HTML doesn't need (indeed, want) slashes in front of quotes.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Jason Wong

On Thursday 26 June 2003 00:52, Lso . wrote:
> it doesnt work,  i just tried it. the text is still cut off after the quote
>
> >Just try htmlentities()!  A textarea is for multiple lines of text!

Show some code please.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Jason Wong

On Thursday 26 June 2003 00:02, Chris Sherwood wrote:
> well thats seems unlikely as I do it all the time..
>
> how ever I am not going to argue p's and q's ...
> if it doesnt work for him it doesnt work
>
> - Original Message -
> From: "Adam Voigt" <[EMAIL PROTECTED]>
> To: "Chris Sherwood" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 25, 2003 9:04 AM
> Subject: Re: [PHP] quotes
>
> > Umm, in his first email, he specifically said all the quotes
> > were already escaped with slashes and it didn't help.
> >
> > On Wed, 2003-06-25 at 11:50, Chris Sherwood wrote:
> > > or you would escape the quote by putting a \ in front of it that way
> > > the engine knows to "write" the quote.
> > >
> > > ie input type=\"text\"

HTML doesn't need (indeed, want) slashes in front of quotes.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Steve Marquez

I had the same problem. I had my ISP turn magic quotes on in the php.ini
file on their server.

As soon as they did that, everything worked just fine.


-Steve Marquez
Marquez Design
[EMAIL PROTECTED]

www.marquez-design.com


> it doesnt work,  i just tried it. the text is still cut off after the quote
> 
> 
>> Just try htmlentities()!  A textarea is for multiple lines of text!
>> 
> 
> _
> Tired of spam? Get advanced junk mail protection with MSN 8.
> http://join.msn.com/?page=features/junkmail
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Lso .

it doesnt work,  i just tried it. the text is still cut off after the quote


Just try htmlentities()!  A textarea is for multiple lines of text!

_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Leif K-Brooks

Lso . wrote:

Thanks everyone.  Honestly I tried so many things that Im not sure 
exactly what combinations I tried.  The textfield trick works, and I 
so sick of looking at this script Im moving on.  Ill try something 
else the next time around.  Thanks again for all of the excellent fast 
help!!
Just try htmlentities()!  A textarea is for multiple lines of text!

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Lso .

Thanks everyone.  Honestly I tried so many things that Im not sure exactly 
what combinations I tried.  The textfield trick works, and I so sick of 
looking at this script Im moving on.  Ill try something else the next time 
around.  Thanks again for all of the excellent fast help!!

Lucas Owens
www.lucasowens.com
www.technoiraudio.com
_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Chris Sherwood

well thats seems unlikely as I do it all the time..

how ever I am not going to argue p's and q's ...
if it doesnt work for him it doesnt work

- Original Message -
From: "Adam Voigt" <[EMAIL PROTECTED]>
To: "Chris Sherwood" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 9:04 AM
Subject: Re: [PHP] quotes


> Umm, in his first email, he specifically said all the quotes
> were already escaped with slashes and it didn't help.
>
>
>
> On Wed, 2003-06-25 at 11:50, Chris Sherwood wrote:
> > or you would escape the quote by putting a \ in front of it that way the
> > engine knows to "write" the quote.
> >
> > ie input type=\"text\"
> >
> > - Original Message -
> > From: "Adam Voigt" <[EMAIL PROTECTED]>
> > To: "Lso ." <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 25, 2003 7:47 AM
> > Subject: Re: [PHP] quotes
> >
> >
> > > Cause of the quotes around the value, example:
> > >
> > > 
> > >
> > > The HTML parser gets confused by the "'s around hank,
> > > so since the textarea doesn't use quote's to delimit the
> > > value, it works fine.
> > >
> > >
> > >
> > > On Wed, 2003-06-25 at 10:37, Lso . wrote:
> > > > Does anyone know why this works this way?  seems kinda odd that a
> > textarea
> > > > will display it correctly but a normla field will not.
> > > >
> > > > >>Try a textarea. Example:
> > > >
> > > > Lucas
> > > >
> > > > _
> > > > Tired of spam? Get advanced junk mail protection with MSN 8.
> > > > http://join.msn.com/?page=features/junkmail
> > > --
> > > Adam Voigt ([EMAIL PROTECTED])
> > > Linux/Unix Network Administrator
> > > The Cryptocomm Group
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> --
> Adam Voigt ([EMAIL PROTECTED])
> Linux/Unix Network Administrator
> The Cryptocomm Group
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Adam Voigt

Umm, in his first email, he specifically said all the quotes
were already escaped with slashes and it didn't help.



On Wed, 2003-06-25 at 11:50, Chris Sherwood wrote:
> or you would escape the quote by putting a \ in front of it that way the
> engine knows to "write" the quote.
> 
> ie input type=\"text\"
> 
> - Original Message -
> From: "Adam Voigt" <[EMAIL PROTECTED]>
> To: "Lso ." <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 25, 2003 7:47 AM
> Subject: Re: [PHP] quotes
> 
> 
> > Cause of the quotes around the value, example:
> >
> > 
> >
> > The HTML parser gets confused by the "'s around hank,
> > so since the textarea doesn't use quote's to delimit the
> > value, it works fine.
> >
> >
> >
> > On Wed, 2003-06-25 at 10:37, Lso . wrote:
> > > Does anyone know why this works this way?  seems kinda odd that a
> textarea
> > > will display it correctly but a normla field will not.
> > >
> > > >>Try a textarea. Example:
> > >
> > > Lucas
> > >
> > > _
> > > Tired of spam? Get advanced junk mail protection with MSN 8.
> > > http://join.msn.com/?page=features/junkmail
> > --
> > Adam Voigt ([EMAIL PROTECTED])
> > Linux/Unix Network Administrator
> > The Cryptocomm Group
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
-- 
Adam Voigt ([EMAIL PROTECTED])
Linux/Unix Network Administrator
The Cryptocomm Group


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Chris Sherwood

or you would escape the quote by putting a \ in front of it that way the
engine knows to "write" the quote.

ie input type=\"text\"

- Original Message -
From: "Adam Voigt" <[EMAIL PROTECTED]>
To: "Lso ." <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 7:47 AM
Subject: Re: [PHP] quotes


> Cause of the quotes around the value, example:
>
> 
>
> The HTML parser gets confused by the "'s around hank,
> so since the textarea doesn't use quote's to delimit the
> value, it works fine.
>
>
>
> On Wed, 2003-06-25 at 10:37, Lso . wrote:
> > Does anyone know why this works this way?  seems kinda odd that a
textarea
> > will display it correctly but a normla field will not.
> >
> > >>Try a textarea. Example:
> >
> > Lucas
> >
> > _
> > Tired of spam? Get advanced junk mail protection with MSN 8.
> > http://join.msn.com/?page=features/junkmail
> --
> Adam Voigt ([EMAIL PROTECTED])
> Linux/Unix Network Administrator
> The Cryptocomm Group
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






RE: [PHP] quotes


2003-06-25

Thread
Petre Agenbag


What you also need is to htmlspecialchars() the vars that you echo as form
element values, else your HTML will be broken if one of the vars contains "
. This should work for both text fields and textareas




or





-Original Message-
From: Lso . [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 4:21 PM
To: [EMAIL PROTECTED]
Subject: [PHP] quotes


Ok I have been searching to no avail.   I have a form that lets you add new
sets of information to a database.  Once you add information i have a page
that displays this information in a series of text fields.  I have done this
so you can alter the information in the fields hit edit and the information
is updated, you are brought back to the same page and there you see your
updated information.  This all works fine.  The problem is if the usere
enters a quote.  I have used addslashes(), and the information is entered
fine, but when I display the information in the form fields its cut off
right after the  quote.  I tried stripslashes() didnt work.  If i url encode
the input i get the html entity displayed in the form field.  Does anyone
have any suggestions?  Im just trying to make a nice interface for editing
this data.  Thanks in advance.

Lucas Owens
www.lucasowens.com
www.technoiraudio.com

_
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Leif K-Brooks

Lso . wrote:

Ok I have been searching to no avail.   I have a form that lets you 
add new sets of information to a database.  Once you add information i 
have a page that displays this information in a series of text 
fields.  I have done this so you can alter the information in the 
fields hit edit and the information is updated, you are brought back 
to the same page and there you see your updated information.  This all 
works fine.  The problem is if the usere enters a quote.  I have used 
addslashes(), and the information is entered fine, but when I display 
the information in the form fields its cut off right after the  
quote.  I tried stripslashes() didnt work.  If i url encode the input 
i get the html entity displayed in the form field.  Does anyone have 
any suggestions?  Im just trying to make a nice interface for editing 
this data.  Thanks in advance.
htmlentities() the value before displaying it in a field.

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Lso .

understood.  thanks for the help.

Lucas Owens
www.lucasowens.com
www.technoiraudio.com



From: Adam Voigt <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "Lso ." <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [PHP] quotes
Date: 25 Jun 2003 10:47:56 -0400
Cause of the quotes around the value, example:



The HTML parser gets confused by the "'s around hank,
so since the textarea doesn't use quote's to delimit the
value, it works fine.


On Wed, 2003-06-25 at 10:37, Lso . wrote:
> Does anyone know why this works this way?  seems kinda odd that a 
textarea
> will display it correctly but a normla field will not.
>
> >>Try a textarea. Example:
>
> Lucas
>
> _
> Tired of spam? Get advanced junk mail protection with MSN 8.
> http://join.msn.com/?page=features/junkmail
--
Adam Voigt ([EMAIL PROTECTED])
Linux/Unix Network Administrator
The Cryptocomm Group

_
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Adam Voigt

Cause of the quotes around the value, example:



The HTML parser gets confused by the "'s around hank,
so since the textarea doesn't use quote's to delimit the
value, it works fine.



On Wed, 2003-06-25 at 10:37, Lso . wrote:
> Does anyone know why this works this way?  seems kinda odd that a textarea 
> will display it correctly but a normla field will not.
> 
> >>Try a textarea. Example:
> 
> Lucas
> 
> _
> Tired of spam? Get advanced junk mail protection with MSN 8. 
> http://join.msn.com/?page=features/junkmail
-- 
Adam Voigt ([EMAIL PROTECTED])
Linux/Unix Network Administrator
The Cryptocomm Group


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






Re: [PHP] quotes


2003-06-25

Thread
Lso .

Does anyone know why this works this way?  seems kinda odd that a textarea 
will display it correctly but a normla field will not.

Try a textarea. Example:
Lucas

_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] quotes


2003-06-25

Thread
Lso .

Yes!! You are the man!  It works!  Thank you all for the fast response.

Lucas Owens
www.lucasowens.com
www.technoiraudio.com

Try a textarea. Example:
_
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




      1   2    >

1 2 >

1 - 100 of 125 matches

Mail list logo