5

I have a form with a textbox 'size_txt' which stores a string representing a size choice.

<input type="text" name="size_txt" id="size_txt" style="display: none;" /> 

The value is posted to another page and retrieved by this code:

$new_size=addslashes($_POST['size_txt']);

Unfortunately it needs to store the abbreviation for inches, which is the " quotation mark.

If the string is '10" medium' then the value of $new_size is '10'

However, if the string is 'medium 10"' then the value of $new_size is 'medium 10/"'

Has anyone else come across this behaviour and worked out how it could be resolved?

Thanks for any help

2 Answers

3

Yes, the issue is there.

Note that when using addslashes() on a string that includes Cyrillic characters, addslashes() totally mixes up the string, rendering it unusable.

No. of solutions:

1) Use mysql_real_escape_string instead of addslashes

2) Try the code below, using str_replace

$myString = str_replace("'", "\'", $myString);
$myString = str_replace('"', "'+String.fromCharCode(34)+'", $myString);

If you still have an issue, just let me know.

Regards

0

For your use case you may be better off just using htmlspecialchars() to escape the "

Chase
  • Thank you :) htmlspecialchars() worked and I'm now getting '10\" medium', I still can't work out why addslashes() didn't like my code but at least I can move on now. – David Caldwell Sep 21 '13 at 20:48
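Added example, not part of the original question or answers: it assumes the size string is written into a double-quoted HTML attribute before it is read back (the page does not show where the value is output) and compares what an HTML parser sees after no escaping, addslashes() and htmlspecialchars(). The helper names render_input and parsed_attribute_value are hypothetical.

```php
<?php
// Added example. Assumption: the size string is placed inside a
// double-quoted HTML attribute such as value="...".

// Hypothetical helper: build the hidden input around an already-escaped value.
function render_input(string $escaped): string
{
    return '<input type="hidden" name="size_txt" value="' . $escaped . '" />';
}

// Hypothetical helper: read the attribute back the way an HTML parser does.
// The value ends at the first literal double quote; a backslash has no
// special meaning in HTML. Entities are decoded afterwards.
function parsed_attribute_value(string $html): string
{
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        throw new RuntimeException('no value attribute found');
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the two strings from the question.
$samples = ['10" medium', 'medium 10"'];

foreach ($samples as $size) {
    $candidates = [
        'raw'              => $size,
        // Adds backslashes, which HTML does not treat as an escape character.
        'addslashes'       => addslashes($size),
        // Turns " into &quot;, so the quote can no longer close the attribute.
        'htmlspecialchars' => htmlspecialchars($size, ENT_QUOTES, 'UTF-8'),
    ];

    foreach ($candidates as $label => $escaped) {
        $html = render_input($escaped);
        $seen = parsed_attribute_value($html);
        printf(
            "%-17s %s\n%-17s parser sees [%s] (%s)\n",
            $label,
            $html,
            '',
            $seen,
            $seen === $size ? 'intact' : 'changed'
        );
    }
    echo "\n";
}
```

Only the htmlspecialchars() rows round-trip both strings unchanged; escaping has to match the context the value is written into, so HTML output and SQL statements each need their own treatment.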