I have a $_GET[q] from the URL. I am trying to ECHO the search term back into the search box. Sometimes people might submit queries encapsulated in quotes and in these cases the ECHO interprets the search term
ECHO $_GET[q];
as:
ECHO ""search term"";
and as a result I get a blank search box. Search queries with a single quote, like: Peter's house, work fine.
When I use:
mysqli_real_escape_string($conn, $_GET[q])
I only get a backslash in the search box.
How could I populate the search box with a search term encapsulated in double quotes?
You could also use:
echo str_replace('"','',$_GET[q]);
This will of course remove all double quotes, so if they may be valid somewhere in the search term then better might be:
echo str_replace('"','"',$_GET[q]);
Haven't tested this but this might also work:
echo html_entity_decode(htmlentities($_GET[q))
You could use addslashes
like this:
$t = 'peter "pan"';
echo addslashes($t); // outputs: peter \"pan\"
You can try:
$str = "Hello World!";
echo $str . "<br>";
echo chop($str,"");
Ouptput:
Hello World
Explanation:
The chop() function, helps you chop off the quotes anyone might add to string.
You can manipulate as appropriate for your code.
$str = preg_replace( '["|\']','', $_REQUEST['q'] );
echo( $str ); //no double, no single quotes, faster than str_replace when you have to make more than 1 call to str_replace
or...
$str = str_replace( '"','', $_REQUEST['q'] ); //no double quotes, faster than preg_replace when you only make one call to str_replace
echo( $str ); //no double quotes
Related
I am trying to go through the array string I called out from database and filtered to a readable state. The string could have a lot of \' and \", below is just an example.
$content = 'It\'s go to somewhere \"GREAT\"!';
I am trying to use str_replace but it is not working...
$content1= str_replace('\\\'', "'", $content );
$newcontent= str_replace('\\\"', '"', $content1 );
Output should be
It's go to somewhere "GREAT"!
instead.. I get
It\'s go to somewhere \"GREAT\"!
I looked at preg_replace, but I don't quite get all the /.. or where to start on it.
Please help.
Here's how
$content = 'It\'s go to somewhere \"GREAT\"!';
$content = stripslashes($content);
echo $content;
What you want to use is stripslashes($str).
Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\) are made into a single backslash ().
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
I am having an issue with my results here.
Please someone can tell what I'm doing wrong.
I have this text inside a mysql field:
----------------------------------------------------
text “strange double quotes” "normal double quotes"
----------------------------------------------------
Inside a textarea I echo the string fron the database
<textarea>
$string = stripslashes(htmlspecialchars_decode($string,ENT_QUOTES));
echo htmlspecialchars($string);
</textarea>
And crashes (does not display anything).
but if I only have normal text or normal quotes:
"this is a correct text with quotes"
This works.
Do you know what I need to do?
TY
The code you have works as expected:
<?php
$string = 'text “strange double quotes” "normal double quotes"';
$string = stripslashes(htmlspecialchars_decode($string,ENT_QUOTES));
echo htmlspecialchars($string);
?>
Yields:
text “strange double quotes” "normal double quotes"
Check the value of $string before passing it into htmlspecialchars_decode, e.g.:
<?php
$string = null;
$string = stripslashes(htmlspecialchars_decode($string,ENT_QUOTES));
echo htmlspecialchars($string);
?>
Yields nothing/empty/blank, per your error description.
I'm using textarea to get data that I insert into a database.
I'm using htmlspecialchars() to get rid of the single quotes and double quotes but it doesn't convert new lines into something so I'm left with a very long piece of code that doesn't have new lines and looks messy.
I've checked the manual but I can't find how to convert it.
How would I do this?
EDIT:
My intended output is the same as what the user inputted.
So if they inputted into the textarea...
Hi
This is another line
This is another line
It would store into the database like...
Hi\r\nThis is another line\r\n This is another line.
or something like that.
Then when I echo it again then it should be fine.
Anthony,
If you are referring to when you get it back out and you want it to look nice, and you aren't putting it back into a textarea, you can use the mythical function nl2br() to convert new line characters into HTML characters.
$data = 'Testing\r\nThis\r\nagain!\r\n';
echo nl2br($data);
This results in:
Testing
This
again!
I believe what you are looking for is
nl2br($string);
That will convert the returns to <br> tags
I will also give you this script that has worked well for me in the past when nl2br does not.
$remove = array("\r\n", "\n", "\r", "chr(13)", "\t", "\0", "\x0B");
$string = str_replace($order, "<br />", $string);
It should be:
<?php
addslashes( strip_tags( nl2br( $data ) ) );
?>
addslashes : will escape quotes to prevent sql injection
strip_tags : will remove any html tags if any
nl2br : will convert newline into <br />
I want to know how i use htmlentities •' for ' in my code ?
How to escape single quote
hows apostrophe work in IE
while($row = pg_fetch_array($result))
{
if($row[3]=="")
{
$vmobj_Array[$i]=$row[0]."***".$row[1]."***".$row[2];
}
else
{
$vmobj_Array[$i]=$row[0].' ( '.$row[3].' )'."***".$row[1]."***".$row[2];
}
$i++;
}
I think every question should have an answer, so I'm posting here as well. Feel free to accept the answer someone else posted there just now.
htmlentities($str, ENT_QUOTES); or htmlspecialchars($str, ENT_QUOTES); should do the trick where $str should be replaced by the variable or string you want to escape (e.g., $row[0]). If you just want to add it, all you need to do is add it: print "Here's an apostrophe '";
simple problem baffling me...
i have a function:
function spitHTML() {
$html = '
<div>This is my title</div>\n
<div>This is a second div</div>';
return $html
}
echo $spitHTML();
Why is this actually spitting out the \n's?
Backslashes used in single quote strings do not work as escape characters (besides for the single quote itself).
$string1 = "\n"; // this is a newline
$string2 = '\n'; // this is a backslash followed by the letter n
$string3 = '\''; // this is a single quote
$string3 = "\""; // this is a double quote
So why use single quotes at all? The answer is simple: If you want to print, for example, HTML code, in which naturally there are a lot of double quotes, wrapping the string in single quotes is much more readable:
$html = '<div class="heading" style="align: center" id="content">';
This is far better than
$html = "<div class=\"heading\" style=\"align: center\" id=\"content\">";
Besides that, since PHP doesn't have to parse the single quote strings for variables and/or escaped characters, it processes these strings a bit faster.
Personally, I always use single quotes and attach newline characters from double quotes. This then looks like
$text = 'This is a standard text with non-processed $vars followed by a newline' . "\n";
But that's just a matter of taste :o)
Because you're using single quotes - change to double quotes and it will behave as you expect.
See the documentation for Single quoted strings.
Change ' to " :) (After that, all special chars and variable be noticed)
$html = "
<div>This is my title</div>\n
<div>This is a second div</div>";