|
Posted by Larry on 03/29/06 13:08
In article <YhqWf.216$5g7.95@reader1.news.jippii.net>, "Kimmo Laine" <spam@outolempi.net> wrote:
>"Larry" <noway@none.com> wrote in message
>news:tynWf.16641$w86.1083@tornado.socal.rr.com...
>> OK, I've been searching around the net for numerous hours and seem to just
>> be
>> getting more confused about handling special characters.
>>
>> In my host's configuration MagicQuotes is ON. (I understand this is
>> considered
>> a bad thing by many)
>>
>> A user submitted an email in the form 'Bob Smith' <bob@nospam.com>
>> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that,
>> but
>> when I try to retrieve it with a standard query, it echo's or prints as
>> Bob
>> Smith. I have the same problem with a store name containing a single
>> apostrophe. Obviously the single quote is stopping it, but how do I get
>> past
>> that?
>
>
>In HTML <bob@nospam.com> will be concidered as a tag, nonsense tag since
>it's not really a tag but the <> make html think it is, therefor it's
>hidden. To fix it, special chars need to be converted to format where html
>does not concider them as control characters such as tag delimiters. There
>is a function that does this conversion called htmlspecialchars.
>
>Try something like:
>echo htmlspecialchars("'Bob Smith' <bob@nospam.com>");
>
>http://php.net/htmlspecialchars
>
Actually I am placing the value into a hidden form field that's then emailed
via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'>");
I see your point about HTML seeing it as a nonsense tag however, and
understand how the single quote will also mess it up as there are others in
the <input> field and it will see it as an end to something.
I guess I'm back to stripping all the special characters out before they get
put into the database. Hmmmm...
Thanks much for the help,
Larry L
[Back to original message]
|