Idut home  

Idut Support / quotes and entry don't submit to db

You are not logged in.

#1 2008-06-10 16:43:28

New member
Registered: 2008-06-10
Posts: 2

quotes and entry don't submit to db

First let me say that I really like the Idut Human Checker. No spam has got through since I started using it. Also, I'm a complete code novice - so please be patient.

I have a PHP form that submits a couple of fields to MySQL. When I don't include iduthc.php, I can submit an entry that includes quotes, e.g. "This is "a" test." will submit as "This is "a" test." But with iduthc, any entry that has quotes does not show up in MySQL.

Thanks for your help,

I've made a little progress.  I looked at View Source in the Browser and found that the hidden form field has slashes.

In the PHP it looks like this: echo '<input type="hidden" name="'.$key.'" value="'.$value.'" /> ';

In the HTML source is looks like this: <input type="hidden" name="entry" value="this shows \"quotes\" and slashes" />

I need to strip slashes, or strip them somewhere in the code previous to this line.

Any ideas are greatly appreciated.

Last edited by mediarosa (2008-06-11 03:14:39)



2008-06-10 16:43:28


#2 2008-06-11 10:16:10

Registered: 2007-08-11
Posts: 108

Re: quotes and entry don't submit to db

Try changing the php lines to this:

line 46 echo '<input type="hidden" name="'.$key.'['.$key2.']" value="'.$value2.'" />'; to echo '<input type="hidden" name="'.$key.'['.$key2.']" value="'.htmlentities($value2).'" />';

and line 49 echo '<input type="hidden" name="'.$key.'" value="'.$value.'" /> '; to echo '<input type="hidden" name="'.$key.'" value="'.htmlentities($value).'" /> ';

if you want you can then convert it back in your other PHP script using:
$b = html_entity_decode($a);
where a is the name of the field above and b is the output with quotes included.

I'm sure  a few people will find this so I'll add it to the list of things to do for the next version.



#3 2008-06-11 12:45:48

New member
Registered: 2008-06-10
Posts: 2

Re: quotes and entry don't submit to db

That did it. THANK YOU! and thanks for the quick response. You can see how I'm using it here at - its just a sand box for me to play with and see what kind of trouble I get myself into. This is the first time I've asked for help and really do appreciate your response. ~jamie