Single and Double Quotes Problems

I was struggling with escaping double and single quotes with addslashes() and stripslashes()... in a mini web application that just inserts values and retrieves those values back out in a form to edit, and a general page to view the attributes. Finally I settled on this function to change single and double quotes:

// Replace single and double quotes with their HTML entities.
function fixQuotes($string) {
    $string = str_replace("'", '&#39;', $string);
    $string = str_replace('"', '&quot;', $string);
    return $string;
}

Since I don't have any details for you as for what was happening before using this method, I can't really ask what was wrong. Rather, I would like to know if there are any drawbacks of using this function to replace single and double quotes with the html entities.

You can't just magically "fix" quotes without knowing where the data is going to.

  1. When you insert data into a database, escape it with the database API's escape function. If you're using the legacy MySQL API (which you should not be in new code as it is deprecated), use mysql_real_escape_string. If you're using the MySQL-improved API, use mysqli_real_escape_string. If you're using PDO, use bindValue, or execute with the input_parameters parameter, or quote.

  2. When you echo text to an HTML page, use htmlspecialchars.
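
The two rules above side by side with the question's entity-replacement approach, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension is available; the `items` table, the `h()` helper and the sample input are hypothetical.

```php
<?php
// Added example: keep the stored value raw, escape for each destination.
// Assumptions: pdo_sqlite is loaded; table and helper names are hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed sample input with both quote types and some markup.
$input = 'O\'Reilly said "hi" <b>there</b>';

// Rule 1, database context: bind the value, no manual quote handling.
$stmt = $pdo->prepare('INSERT INTO items (title) VALUES (:title)');
$stmt->bindValue(':title', $input, PDO::PARAM_STR);
$stmt->execute();

$stored = $pdo->query('SELECT title FROM items WHERE id = 1')->fetchColumn();
var_dump($stored === $input); // compare what came back with what went in

// Rule 2, HTML context: escape when writing the page, not when storing.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The same escaped value is usable as element text and as an attribute value,
// so the edit form round-trips the original characters.
echo '<p>' . h($stored) . "</p>\n";
echo '<input type="text" name="title" value="' . h($stored) . "\">\n";

// The question's approach, for comparison: entities baked in before storage.
function fixQuotes(string $s): string
{
    return str_replace(["'", '"'], ['&#39;', '&quot;'], $s);
}

$baked = fixQuotes($input);

// Drawbacks visible from the output of these lines:
// the stored text no longer matches the input (length, search, comparisons),
var_dump(strlen($input), strlen($baked));
// "<", ">" and "&" are untouched, so markup in the value still reaches the page,
var_dump(strpos($baked, '<b>') !== false);
// and escaping correctly at output time now double-encodes the entities.
echo h($baked) . "\n";
```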
