Inserting extra quotes when submitting form

Beginners - Learning PHP
#1

I have a form that if I were to type “don’t” (w/o quotes), it comes out as don’’’'t. What could be causing this?

p.s. It doesn’t do this on my localhost, only when its uploaded to the web server

[php]$limitedtextarea = mysql_real_escape_string(urldecode($_POST[‘limitedtextarea’])); //The actual judgment
$url = mysql_real_escape_string($_POST[‘url’]); //URL (Actually now set to get IP Address of user uploading)
$figcaption = mysql_real_escape_string(urldecode($_POST[‘figcaption’])); //Caption for the image
$imageURL = mysql_real_escape_string($_POST[‘imageURL’]); //URL for and image
$link = mysql_real_escape_string($_POST[‘link’]);
[/php]

#2

What does the form look like ?
what is inserted in to the database ?

Where does it come out ?

it comes out as don''''t
#3

The form…
[php]

Step 1. Choose a picture:  Image maximum size 5 MB jpeg, gif, or png

or enter image url:

Step 2. Enter a caption for the image:

Step 3. Judg whatever/whoever is in that picture:

(Maximum characters: 350)
You have characters left.

Have a link? 

        <input type="hidden" name="url" value='<?php echo "Date:".date('Y-m-d H:i:s')."<br />Ip:".$_SERVER['REMOTE_ADDR'].""?>'/>
      
      <label for="submit"><span class="steps">Step 4.</span> Submit it:</label> 
      <input type="submit" id="mybut" value="       Judg It!        " name="Submit"/>
[/php]

the insertion into db…
[php]<?php
require ‘db.php’;
error_reporting(0);

$limitedtextarea = mysql_real_escape_string(urldecode($_POST[‘limitedtextarea’])); //The actual judgment
$url = mysql_real_escape_string($_POST[‘url’]); //URL (Actually now set to get IP Address of user uploading)
$figcaption = mysql_real_escape_string(urldecode($_POST[‘figcaption’])); //Caption for the image
$imageURL = mysql_real_escape_string($_POST[‘imageURL’]); //URL for and image
$link = mysql_real_escape_string($_POST[‘link’]);

if($imageURL==null && $_FILES[‘file’][‘name’]==null)
{
echo"";
}
else{
$change= “http://www.judgd.com”;
$abc="";

define (“MAX_SIZE”,“3000”);
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return “”; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}

$errors=0;

if($_SERVER[“REQUEST_METHOD”] == “POST”)
{
$image =$_FILES[“file”][“name”];
$uploadedfile = $_FILES[‘file’][‘tmp_name’];
$fileSize = $_FILES[‘file’][‘size’];
$fileType = $_FILES[‘file’][‘type’];

if ($image) 
{

	$filename = stripslashes($_FILES['file']['name']);

	$extension = getExtension($filename);
	$extension = strtolower($extension);

if (($extension != “jpg”) && ($extension != “jpeg”) && ($extension != “png”) && ($extension != “gif”))
{

		$change='<div class="msgdiv">Unknown Image extension </div> ';
		$errors=1;
	}
	else
	{

$size=filesize($_FILES[‘file’][‘tmp_name’]);

if ($size > MAX_SIZE*5000)
{
$change='

You have exceeded the size limit!
';
die;
$errors=1;
}

if($extension==“jpg” || $extension==“jpeg” || $extension==“pjpeg”)
{
$uploadedfile = $_FILES[‘file’][‘tmp_name’];
$src = imagecreatefromjpeg($uploadedfile);

}
else if($extension==“png”)
{
$uploadedfile = $_FILES[‘file’][‘tmp_name’];
$src = imagecreatefrompng($uploadedfile);

}
else
{
$src = imagecreatefromgif($uploadedfile);
}

echo $scr;

$percent = 0.5;

list($width,$height)=getimagesize($uploadedfile);

$newwidth=$width;
$newheight=($height/$width)*$newwidth;
$tmp=imagecreatetruecolor($newwidth,$newheight);

$newwidth1=$width*$percent;
$newheight1=($height/$width)*$newwidth1;
$tmp1=imagecreatetruecolor($newwidth1,$newheight1);

$newwidth2=$width*$percent*$percent;
$newheight2=($height/$width)*$newwidth2;
$tmp2=imagecreatetruecolor($newwidth2,$newheight2);

imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);

imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);

imagecopyresampled($tmp2,$src,0,0,0,0,$newwidth2,$newheight2,$width,$height);

$filePath = “images/”;
$filePathSmall = “images/small/”;
$filePathThumb = “images/thumbnail/”;

$filename = $_FILES[‘file’][‘name’];

$filenamesmall = $newheight1.“x”.$newheight1."_".$_FILES[‘file’][‘name’];

$filenamethumb = $newheight2.“x”.$newheight2."_".$_FILES[‘file’][‘name’];

imagejpeg($tmp,$filePath.$filename,100);

imagejpeg($tmp1,$filePathSmall.$filenamesmall,100);

imagejpeg($tmp2,$filePathThumb.$filenamethumb,100);

imagedestroy($src);
imagedestroy($tmp);
imagedestroy($tmp1);
imagedestroy($tmp2);
}}

}

$fileName = $filename;

if($fileName==null){
$fileName=$imageURL;
}
//If no errors registred, print the success message
if(isset($_POST[‘Submit’]) && !$errors)
{

// mysql_query(“update {$prefix}users set img=’$big’,img_small=’$small’ where user_id=’$user’”);
$query = “INSERT INTO judgment (limitedtextarea, name, namesmall, namethumb, size, type, path, url, figcaption, link )
VALUES (’$limitedtextarea’,’$fileName’,’$filenamesmall’,’$filenamethumb’, ‘$fileSize’, ‘$fileType’, ‘$filePath’, ‘$url’, ‘$figcaption’,’$link’)”;

$result = mysql_query($query) or die('Error, query failed : ’ . mysql_error());

if(!$result){
print ‘’;

}

else {
echo “

Post Successful!
”;
}
}
}[/php]

calling it from db…

[php]echo ("");
$ipadd = $_SERVER[‘REMOTE_ADDR’];
if($row[‘path’]==null) // IF PATH IS NULL; THEN IMAGE IS URL; DO THIS…
{
echo ("

					<table itemscope itemtype='http://schema.org/Review' class='showing'>	
					<tr>
						<td rowspan='1' colspan='1'>
							<figure>
							<a itemprop='contentUrl' href='".$row['name']."' rel='lightbox' title=\"".$row['figcaption']." - ".$row['limitedtextarea']."\">
							<img class='figImg' itemprop='thumbnailUrl' src='". $row['name']."' alt='".$row['name']."' title='".$row['name']."'/></a></figure>
						</td>	
					</tr>
					<tr>
						<td class='figcap'><a href='judgment_search.php?figcaption=".$row['figcaption']."' title='".$row['figcaption']."'>".$row['figcaption']."</td>
					</tr>
					<tr>
						<td rowspan='1' colspan='1'><span itemprop='comment'>".$row['limitedtextarea']."</span></td>	
					</tr>
								
					<tr>");
						if ($row['link']==!null){
							echo "<td><a href='".$row['link']."' title='".$row['link']."' target='_blank'>Link</a></td>";
						}
					echo ("<td></td>
					</tr>											
							
					<tr>	
						<td>
						
							<div class='fb-like' data-href=\"http://www.judgd.com/judgment_search?figcaption=".$row['figcaption']."\" data-send='true' data-layout='button_count' data-width='250' data-show-faces='false'></div>
							<a href='http://pinterest.com/pin/create/button/?url=http%3A%2F%2Fwww.judgd.com%2F&media=".$row['name']."&description=".urlencode($row['limitedtextarea'])."' class='pin-it-button' count-layout='horizontal'><img border='0' src='//assets.pinterest.com/images/PinExt.png' title='Pin It' /></a>
				
						</td>
					</tr>
				
			</table>
		<!-- <![endif]-->

");
}
[/php]

when “don’t” or “it’s” or anyting with an apostrophe it triples it when inserting it into the db

#4

Which form input does this happen the textarea ?

#5

Textarea (“description”) and input[type=“text”] (“figcaption”)

#6

Is it putting double quotes around the single quote ?
Or is it changing the single quote to 2 double quotes ?

Are you using some sort of javascript on the form ?

You want to echo it out in different places, so you can see where it starts to put the change in to the values.

#7

It looks like it’s inserting double quotes around a single quote…and yes I am but I’ve been using this for awhile with no issues until just a few days ago. I’m not sure what I changed in my code to make it do this…

#8

Going to cheat because the problem might be in your mysql query but you do not show this.
Also you have not come back to me on the echo when the values change.

[php]
if($row[‘path’]==null) // IF PATH IS NULL; THEN IMAGE IS URL; DO THIS…
{
$row[‘figcaption’] = str_replace(’"’"’, “’”, $row[‘figcaption’]);

$row[‘limitedtextarea’] = str_replace(’"’"’, “’”, $row[‘limitedtextarea’]);
[/php]

#9

It appears that for every single quote another is added. Example = ’ -> ‘’, ‘’’ -> ‘’’’’’

this is happening when inserting into the database and pulling out of db.

So if you type “it’s”, it is inserted into the db as “it’'s”. When you pull it out it show as “it’’’'s”.

This has got me all sorts of cornfused

What’s really weird is that on localhost it works fine but when I upload to the server that when it starts behaving bad

#10

I would try by taking away the mysql_real_escape_string and change it to addslashes echo / print_r out the post var then look at what is put in to the the database.

Its like the escape is not putting a backslash and adding quotes instead but hard to say as I cant test your code.

I am sure I have seen this happen before but cant remember the solution for it.
specialhtmlchars function ?

[php]
if($row[‘path’]==null)
// IF PATH IS NULL; THEN IMAGE IS URL; DO THIS…
{
$row[‘figcaption’] = str_replace("’’’’", “’”, $row[‘figcaption’]);
$row[‘limitedtextarea’] = str_replace("’’’’", “’”, $row[‘limitedtextarea’]);
[/php]

#11

Did you figure out the problem in the end ?

#12

Nope, I’m still looking for that issue but the str_replace() is doing the job for now. I will post if I ever do find the issue.

Sponsor our Newsletter | Privacy Policy | Terms of Service