Escaping quotes in PHP from MySQL result (PDO)

The string to display comes from a MySQL table. I use PDO queries. The string contains double quotes:

Older spelling (from French). The modernized "petty larceny" is now preferred.

This is a definition of a dictionary entry that is displayed if available:

$search_results .= (!empty($english_definition)? "<a class=\"definition\" href=\"#\" data-toggle=\"popover\" rel=\"popover\"
data-content=\"".$english_definition."\">".$english."*</a>" : $english);

Because of the quotes, the definition is cut off after the word "modernized".

I tried using addslashes() but the result is that a single slash is displayed, and nothing after it.

I also tried adding slashes inside the table field, eg

Older spelling (from French). The modernized \"petty larceny\" is now preferred.

Without stripslashes() in the PHP code, only the first backward slash is displayed and nothing after it.

When I add stripslashes() , nothing is displayed after the word "modernized".

So, this is where I am stuck.

ADDITIONAL CODE: This is how I insert new terms and definitions. I have added htmlspecialchars() for input where quotes could exist:

        if(isset($_POST['submit'])) {

        $english                = htmlspecialchars($_POST['english']);
        $english_abbr           = $_POST['english_abbr'];
        $variant                = $_POST['variant'];
        $bulgarian              = htmlspecialchars($_POST['bulgarian']);
        $bulgarian_abbr         = $_POST['bulgarian_abbr'];
        $theme_id               = $_POST['theme_id'];
        $english_definition     = htmlspecialchars($_POST['english_definition']);
        $bulgarian_definition   = htmlspecialchars($_POST['bulgarian_definition']);

        // Check if an entry already exists
        $exists = $db->prepare("SELECT * FROM ".DICTIONARY_TABLE." WHERE english = :english AND theme_id = :theme_id ");
        $exists->execute(array(':english' => $english, ':theme_id' => $theme_id));
        $count = $exists->rowCount();
        if($count > 0) {
            echo "<h3 style=\"color:navy; background:transparent;\">&#8658; An entry in the same theme already exists.</h3>";
        }
        else {
            $insert = $db->prepare("INSERT INTO ".DICTIONARY_TABLE." 
                                    (english, english_abbr, variant, bulgarian, bulgarian_abbr, theme_id)
                                    VALUES
                                    (:english, :english_abbr, :variant, :bulgarian, :bulgarian_abbr, :theme_id)");
            // execute() reports success or failure; $insert itself is only the prepared statement
            $inserted = $insert->execute(array(':english'           => $english, 
                                    ':english_abbr'     => $english_abbr,
                                    ':variant'          => $variant,
                                    ':bulgarian'        => $bulgarian,
                                    ':bulgarian_abbr'   => $bulgarian_abbr,
                                    ':theme_id'         => $theme_id));

            if($inserted) {
                echo "<h4 style=\"color:green; background:transparent;\">&#8658; Term \"$english\" inserted successfully.</h4>";

                if(!empty($english_definition) || !empty($bulgarian_definition)) {      
                    $insert_id = $db->lastInsertId();
                    $insert_def = $db->prepare(
                            "INSERT INTO ".DICTIONARY_DEFINITIONS." 
                            (term_id, english_definition, bulgarian_definition)
                            VALUES
                            (:term_id, :english_definition, :bulgarian_definition)");
                    // Check the result of execute(), not the statement object
                    $inserted_def = $insert_def->execute(array(
                            ':term_id' => $insert_id, 
                            ':english_definition'   => $english_definition,
                            ':bulgarian_definition' => $bulgarian_definition));

                    if($inserted_def) {
                        echo "<h4 style=\"color:green; background:transparent;\">&#8658; Definition(s) inserted successfully.</h4>";
                    }
                    else {
                        echo "<h4 style=\"color:red; background:transparent;\">&#8658; There was a problem inserting the definition(s)!</h4>";
                    }
                }

                unset($_POST); $_POST = array();
            }
            else { 
                echo "<h4 style=\"color:red; background:transparent;\">&#8658; There was a problem executing the query: </h4>";
            }
        }
        include("insert_form.php");
    }
    else {
        include("insert_form.php");
    }

Use the htmlspecialchars() function when you save it to the database, and the htmlspecialchars_decode() function when you want to echo it again.

Link to htmlspecialchars() function

Link to htmlspecialchars_decode() function


It's a bit of a vague question, and if you used PDO right I don't even think you should have to deal with the slashes, but if you want the data to be displayed without slashes, have you tried using string replace?

$search_result = str_replace ("/", "", $search_result);

This should achieve what you want if I understand your question correctly.
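
An added example, not part of the original thread: the truncation described in the question happens because the raw definition is placed inside a double-quoted HTML attribute, so the value has to be HTML-escaped at output time for that attribute context. The helper name render_term() and the sample rows are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). render_term() is a hypothetical helper
// and the rows below are constructed sample data.

/**
 * Build the popover link from raw (unescaped) database values.
 */
function render_term(string $english, ?string $definition): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $label = htmlspecialchars($english, $flags, 'UTF-8');

    if ($definition === null || $definition === '') {
        return $label;
    }

    // ENT_QUOTES encodes both double and single quotes as entities, so the
    // value cannot close data-content="..." early or start a new attribute.
    $attr = htmlspecialchars($definition, $flags, 'UTF-8');

    return '<a class="definition" href="#" data-toggle="popover" rel="popover" '
         . 'data-content="' . $attr . '">' . $label . '*</a>';
}

// Constructed rows as PDO would return them: raw text, no added slashes,
// no entities stored in the table.
$rows = [
    ['petit larceny', 'Older spelling (from French). The modernized "petty larceny" is now preferred.'],
    ['markup test',   'Uses <b>"both"</b> \'kinds\' of quotes & an ampersand.'],
    ['tort',          null],
];

foreach ($rows as [$english, $definition]) {
    $html = render_term($english, $definition);

    // The template has five attributes, so exactly ten literal double quotes
    // may appear; any more means a quote from the data leaked through.
    if ($definition !== null && substr_count($html, '"') !== 10) {
        throw new RuntimeException('attribute quoting broken for: ' . $english);
    }

    // Decoding the attribute value gives back the stored text, which is what
    // the browser hands to the popover script.
    $m = [];
    if (preg_match('/data-content="([^"]*)"/', $html, $m)
        && html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8') !== $definition) {
        throw new RuntimeException('round trip failed for: ' . $english);
    }
    echo $html, PHP_EOL;
}
```

The PDO prepared statements in the question already handle quoting for SQL, so addslashes() and stripslashes() play no part in how the value renders in HTML.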
