We Keep Coding

How to get filenames with apostrophes accepted by PHP? [duplicate]

I am trying to display a URL stored in mysql as a link in php table like this
echo "<td>Resume</td>";
where $row['resume'] retrieves correct data using mysql_fetch_array
However the whitespace between file link gets truncated automatically
for example my file name is "this is a resume.doc" i only get "this" in link
help.

You need to place quotes around your href attribute.
echo "<td>Resume</td>";

You need to do several things:
Escape characters with special meaning in URLs using urlencode
Escape characters with special meaning in HTML using htmlspecialchars
Quote attribute values
Such:
$url = htmlspecialchars( urlencode( $row['resume'] ) );
echo "<td><a href='$url'>Resume</a></td>";

What is the correct way to echo mysql text that may include single and/or double quotes in an anchor title?

I'm trying to include a string variable as the title to an anchor tag, so when the user hovers over the link, they see the text. The text may or may not include single or double quotes and comes from a mysql table column.
Here is the code:
echo '<a title="'.$classRow['Description'].'">'.$classRow['LongName'].'</a>';
The above code works correctly if $classRow['Description'] is:
In this class, we'll watch a movie.
But the title is truncated after the word 'movie ' if $classRow['Description'] is:
In this class, we'll watch the movie "Life of Pi."
I tried using addslashes($classRow['Description']) but that just displays the slash; the text is still truncated once it reaches the double quote.

This should do it,
$classRow['Description'] = 'In this class, we\'ll watch the movie "Life of Pi."';
echo '<a title="'.htmlspecialchars($classRow['Description'], ENT_QUOTES) .'">' .$classRow['LongName'].'</a>';
PHP Demo: http://sandbox.onlinephpfunctions.com/code/dadb94a797a74cc7fd8c078ca49d8840ddaeb0b3
Function page: http://php.net/manual/en/function.htmlspecialchars.php
Also note the behavior you are experiencing isn't the data being truncated the " in your string is closing the attribute the rest of the string is then being read as attributes.
Note a malicious user could alter elements in this same way so when outputting user provided input you should use this function as well.

How to Pass a value via href - PHP

Am passing a value using href tag
In first page Href tag used as
echo "$compname";
In the Second page used
$compname = $_GET['compna'];
To receive the Compna values are pass but only the first word is passed remaining words are skipped.
Compname as " Chiti Technologies Ltd "
When I pass the value I receive onlt "Chiti"

The reason you're only getting the first word of the company name is that the company name contains blanks. You need to encode the name.
echo "$compname";

You are producing ambiguous/invalid HTML by not quoting the parameter. The result is something like:
<a href=foo bar baz>
Only foo is recognized to belong to href, the rest doesn't. Quote the values:
echo '', htmlspecialchars($compname), '';

Use this code:
echo ''.$compname.'';

You need add quotes for your href, besides, you also need to use urlencode to encode the variable.
echo '' . $compname . '';

change echo "$compname";
to echo "$compname";
When using double quoted strings " you don't need to paste variables in between, you can just type them.
Also, when pasting strings together don't use comma's , but use . to paste strings otherwise you'll get parse errors.
For arrays include them between curly brackets {}
echo "$compname";

How to send multiple values in a href link in PHP?

I want to send multiple values to a different page using a href link. But what I retrieve is the first 2 values only, rest shows an error of undefined index.
My code is:
<?php
echo "<a href='index.php?choice=search&cat=".$cat."&subcat=".$subcat."&srch=".$srch."&page=".$next."'> Next </a>";
?>
I get the values of "choice" and "cat" only.
Please tell me whats wrong in the above code.

try using urlencode, as if there are any special characters in the strings, it could have an effect on the querystring as a whole;
echo "<a href='index.php?choice=search&cat=".urlencode($cat)."&subcat=".urlencode($subcat)."&srch=".urlencode($srch)."&page=".urlencode($next)."'> Next </a>";
Plus you had a space between srch and page, that could have been causing a problem.

You must HTML-escape those ampersands properly:
?coice=search&cat=...&subcat=...&srch=...
&sub (of &subcat) gets interpreted as ⊂ which is a special HTML entity for the subset operator:
⊂ or ⊂ = subset of ⊂
Also make sure you properly escape your variables to prevent XSS.

PHP echo() MySQL result containing <> characters?

I am retrieving data from my SQL database...
data exactly as it is in the DB = (21:48:26) <username> some text here. is it ok?
when i try and echo $row['log']."<br>";
it displays it as = (21:48:26) some text here. is it ok?
i assume this is due to the <> brackets making it think its an HTML opener... would this be the case? and if so how would one echo a string that contains HTML?

Use htmlspecialchars() to translate HTML control characters into their entities:
echo htmlspecialchars($row['log'])."<br>";

You need to escape the characters so it is not recognized as an HTML element, but as text:
echo htmlentities( $row['log'] ) . '<br/>';

i assume this is due to the <>
brackets making it think its an HTML
opener...
Yes, any construction in <> brackets is treated by web browser as HTML tag. So, you should use either htmlspecialchars() or htmlentities() or some similar custom function to convert "<" and ">" symbols to "<" and ">" strings, which are displayed to user as brackets.
Some more comments:
ALL text data displayed to user must be passed through htmlspecialchars() funciton (or through other function with similar behavior), since "some text" may also contain tags, etc.
Probably it would be better to store date/time, username and "some text" in separate table columns in DB, in order to satisfy relational database constraints. This may require some additional input data parsing.