I am trying to post some data to a URL which contains double quotes.I escaped the quotes by adding back slashes.I just wanted to clarify will that be a problem while posting data.
$data = "{\"phoneNumber\":\"$no\",\"campid\":\"$refer\",\"simcards\":[{\"srno\":\"89914904040576482763\",\"mcc\":404,\"mnc\":49,\"operatorName\":\"airtel\",\"circleName\":\"AndhraPr\",\"msisdn\":\"\"},{\"srno\":\"89914904040874441867\",\"mcc\":404,\"mnc\":49,\"operatorName\":\"airtel\",\"circleName\":\"AndhraPr\",\"msisdn\":\"\"}]}";
If I shouldnt use backslashes ,what is the alternative.
just use single quotes outside then you dont have to escape the doubles inside
$data = '{"phoneNumber":"'.$no.'","campid":"'.$refer.'","simcards":[{"srno":"89914904040576482763","mcc":404,"mnc":49,"operatorName":"airtel","circleName":"AndhraPr","msisdn":""},{"srno":"89914904040874441867","mcc":404,"mnc":49,"operatorName":"airtel","circleName":"AndhraPr","msisdn":""}]}';
Related
Alright, so there's still stuff I have yet to learn about PHP. I'm trying to retrieve data from a MySQLi database and it's all fine until I'm forced to choose between double quotes or single quotes breaking something. With real_escape_string, I can store string data that contains a single quote, and it just gets escaped with a backslash, but if I don't use stripslashes() when I insert it into the value attribute...
If my value attribute looks like this in the code: value="_" then double quotes within the string, trim any data after it because it seems to be interpretted as the end of the value attribute.
If my value attribute looks like this in the code: value='__' then if I don't use stripslashes(), I see the slashes in the output, and if I use stripslashes(), it's the same thing with the double quotes, but with any of the escaped single quotes within the string.
Hope this makes sense. I'm fairly tired right now, but with a few replies and questions asked for anyone who doesn't quite understand, I'm sure we can figure this out. :)
If you have to output data into html which might have special characters use htmlspecialchars
<input type="text" value="<?php echo htmlspecialchars('\'"&<>') ?>">
http://codepad.org/DxV3uq0L
http://jsfiddle.net/Uu29D/
I wrote a script that when you enter a textbox, it will open an invisible iframe to a .php file with $_GET of what they wrote into the textbox.
However, for example, if I type: '<3' in it, this is what happens.
PHP determins that the $_GET[s] is blank! Users cant put a simple <3 symbol without getting that error.
Another problem is quotes, if I write any quotes, it will end the entire SRC property.
What should I do? Should I do something with javascript, or even PHP? Please let me know!
Thanks!
Use urlencode to encode the inputted string into a valid one for URL use.
Also be very cautious when allowing user input into your PHP script through the URL. Make sure you do proper checks/sanitization, especially if database operations are involved.
It looks like your iframe is generated by JavaScript, so all those answers that include PHP functions are useless. The data isn't even reaching PHP, so how can any PHP function hope to help?
Instead, try using urlencode from PHPJS, since none of JS's functions really handle all cases well, and this makes it easy for you to use PHP's urldecode to retrieve the data.
You need to encode that character as <.
Regarding double quotes, you can use this trick.
attr='Your string can "contain double quotes"'
or
attr="Your string can 'contain double quotes'"
but while specifying variable=values in url, you don't need to user double quotes, you can directly assign the values.
like
url="test.php?var1=123&var2=345"
rest about sending the <3 characters, you can check for url encoding in javascript & PHP whichever applicable!
I am looking for the best way to strip single quotes as it keeps breaking my important.
so
The image’s emotiveness enables
only comes through as
The image
It breaks at the single quote ' .I need a good way to strip out the tags can someone help.
I have looked at stripslashes();
Whats the best way function to stripout , - £
any help please.
MANAGED TO FIX IT>
Thank you for your help people i manage to fix it using the following function.
string utf8_encode ( string $data )
Cant figure out why it was coming out in that format from the database all i can think is it 6 years old website.
;)
I'm not 100% certain because PHP isn't my forte, but I think you need to look at something like urlencode(). This will encode all the special characters properly.
Note: This will remove all single quotes!
str_replace("'", "", $your_string);
example:
$your_string = "The image’s emotiveness enables.";
echo str_replace("'", "", $your_string);
output
The images emotiveness enables.
If you want to keep single quotes in string you should consider using real escape functions (recommended).
It sounds like what you really want is to encode the single quotes, not remove them. On the assumption that you are inserting into the MySQL database, look into mysql_real_escape_string.
The best way to get rid of specific characters is using str_replace.
To remove all single quotes from a string:
$noQuotes = str_replace("'", '', $stringWithQuotes);
There is several ways, depending on what are you doing.
You could use addslashes to escape all single / double quotes. You can unescape it with stripslashes later.
If you are planning on saving those data into MySQL database, you should use mysql_real_escape_string.
If you want to output data on HTML page, use htmlspecialchars to convert all special characters into HTML entities.
The next way is to use str_replace to remove all quotes, as few other people in this thread already mentioned.
I"m using the function json_encode() to encode my data in php before sending it back to my page. However, single quotes and double quotes have been escaped and appear as /' and /" in javascript. Any idea how to get back those quotes without those slashes in javascript. I'm using jquery.
Use $.parseJSON() if your JSON is a string.
If after that, you still have slashes, you may have magic quotes on. Check with this...
var_dump(get_magic_quotes_gpc());
If you get TRUE, disable magic quotes.
I'm using Zend Framework and it is escaping single quotes, double quotes and backslashes. This is done even before I save the text to the database so I guess it is done by the Zend_Form object.
Are those the only characters it escapes? Does Zend have a function to undo this escaping or a way to turn off this escaping?
The text is code so I really need it to show as the user sent it, it is gonna be highlighted by geshi or show as plain text.
Simply using stripslashes removes the unwanted backslashes, but also removes backslashes the user intentionally typed.
Thanks
This depends on how you are getting the post data.
The following method will give you the raw output of any POST data:
$request = $this->getRequest();
if ($request->isPost()) {
$post = $request->getPost(); // $post becomes an array of post variables
}
I found I had magic_quotes_gpc activated in this machine... turning it off makes it work as it should.
Thanks andybaird for the help anyway.