Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP addslashes not working as expected if a string starts with numbers and contains a quotation mark

Tags:

php

addslashes

I have a form with a textbox 'size_txt' which stores a string representing a size choice.

<input type="text" name="size_txt" id="size_txt" style="display: none;" /> 

The value is posted to another page and retrieved by this code

$new_size=addslashes($_POST['size_txt']);

Unfortunately it needs to store the abbreviation of inches which is " quotation mark

if the string is '10" medium' then the value of $new_size is '10'

However if the string is 'medium 10"' then the value of $new_size is 'medium 10/"'

Has anyone else come across this behaviour and worked out how it could it be resolved?

Thanks for any help

like image 715
David Caldwell Avatar asked Nov 02 '22 14:11

David Caldwell


1 Answers

Yes the issue is there.

Note that when using addslashes() on a string that includes cyrillic characters, addslashes() totally mixes up the string, rendering it unusable.

No of solution's

1) use mysql_real_escape_string instead of addslashes

2) try below code like str_replace

$myString = str_replace("'", "\'", $myString);
$myString = str_replace('"', "'+String.fromCharCode(34)+'", $myString);

if you have stil issue just let me know.

Regards

like image 97
Jigar Chaudhary Avatar answered Nov 15 '22 04:11

Jigar Chaudhary