PDA

View Full Version : Why is an apostrophe on a selection list is messing things up ?


songboy
04-19-2010, 09:39 PM
I have escaped an apostrophe via mysqli_real_escape_string as a string went into mysql. The string sits happily in a table with its apostrophe. I also have a page with three dynamic dropdowns: click a a member of dropdown 1 and it populates dropdown 2 etc. It all works fine until the above string with the apostrophe appears in dropdown 2. The string is:
DAN'S PLACE. When you click on it (via a javascript line) it should go to the top of the list as the selected option and also, it should trigger the population of dropdown 3. BUT when you click it, DAN leaps to the top of the selection list and no population of list 3 occurs. Once again, there appears to be a problem with the apostrophe. I'm not sure what it is though. I've tried using the above function or addslashes to see if it solves things, but it doesn't (unless I'm putting them in the wrong places). Why won't it work with the option selected instruction - this isn't anything to do with a mysql table ?
Please give a hand as I've been stuck on this for ages.

davidj
04-20-2010, 09:51 AM
Your apostrophe needs to be escaped in the database

If it looks like this in the db...

DAN\'S PLACE

Then this is on the right track.

You then use a strip slashes on output...

Post the html source and the PHP which outputs this string

songboy
04-21-2010, 10:17 PM
Hi dj
Dan's Place does not have a slash as shown on the db. I have assumed that this is correct as my understanding is that once the mysqli_real_escape_string has done it's thing, it dispenses with the slash.
What I have is a string with an apostrophe, brought from the db and presented in a selection list. When you click on it, only the characters up to the apostrophe are recognised. As such, there aren't any slashes to strip.

davidj
04-22-2010, 07:13 AM
post the html as per the output

remember to use code tags

songboy
04-23-2010, 09:43 PM
Hi dj
Here is the code section (the second select list) which is causing the problem. Assume that it has been populated by a previous mysql SELECT action (this appears to be working fine). When you click on one of the selection options ($_POST['experience_phrase']) which has an apostrophe, only the characters up to the apostrophe are recognised and query 4 doesn't happen (it doesn't fail- it just doesn't populate the third selection list) and nothing else works either. BUT ! If there is no apostrophe in the string, everything works perfectly.

<select name="song_title" MULTIPLE size="14" onChange="document.forms[0].submit();">
<option value ="" selected >SONG TITLE LIST<option />
<?php
$experience_phrase = $_POST["experience_phrase"];
if($experience_phrase)
{
$query = sprintf("SELECT experience_id FROM song_experiences WHERE experience_phrase = '$experience_phrase'");
$result = mysqli_query($cxn, $query) or die ("Could not execute query 4.");
}
$row = mysqli_fetch_array($result);
$exp_id = $row['experience_id'];
$query = sprintf("SELECT song_title FROM song_titles WHERE experience_id = '$exp_id'");
$result = mysqli_query($cxn, $query) or die ("Could not execute query 5.");
while ($row = mysqli_fetch_array($result))
{
extract($row);
echo"<option value ='$song_title'>$song_title";
}
?>
PS The selection with the apostrophe has no escape character - it sits in selection list two as is eg it's unfair .
I hope you might help as I'm more stumped with this than any other php issue I've come up against.
Thanks - Songboy

davidj
04-26-2010, 06:06 AM
need to see the html output

songboy
04-26-2010, 09:18 PM
Hi again dj -This is what the source looks like after the error has occurred.<div id="Layer4">
<form name = "choices" action = "indexa.php" method = "POST">
<div id="Layer60"><select name="theme_word" MULTIPLE size="14" onChange ="document.forms[0].submit();"><option value ="THEME LIST" selected>THEME LIST<option />
<option value = 'LOVE' selected>LOVE<option />

<option value ='FRIENDS'>FRIENDS</><option value ='LOVE'>LOVE</>
<option value ='PEOPLE'>PEOPLE</>
<option value ='PLACES'>PLACES</>
</select></div>
<div id="Layer61"><select name="experience_phrase" size="14" MULTIPLE onChange="document.forms[0].submit();">
<option value ="" selected>INNER THOUGHTS LIST<option /><option value 1 ='SHE'selected>SHE<option/><option value ='SHE'S UNFAIR'>SHE'S UNFAIR</> </select></div>Songboy

davidj
04-27-2010, 05:52 AM
can you format that html

and wrap it in code tags

songboy
04-29-2010, 09:31 PM
Hi dj -
I've fixed it !

This code:
echo"<option value ='$song_title'>$song_title</option>";
should be:
while ($row2 = mysqli_fetch_array($result))
{
extract($row2);
?>
<option value="<?php echo $song_title?>"><?php echo $song_title?></option>
I also had to add mysqli_real escape string just before each select query.
Thanks for your support.
Songboy