Couldn't you just use substr_replace and the html endcoding for a double quote (") ?
<?php echo "<input type=\"hidden\" name=\"name\" value=\"" . substr_replace($name, '/"', """). "\">"; ?> ----- Original Message ----- From: "Georgie Casey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, March 21, 2002 2:09 PM Subject: [PHP] Temporary MySQL Tables > Hi, > > On my site now, there's a lengthy register process where the user has to > fill in 5 forms, one after the another. I get the PHP script to echo the > values from the previous into the next form by using > <?php echo "<input type=\"hidden\" name=\"name\" value=\"" . $name . "\">"; > ?> > for example. Then I keep carrying the information over to each extra form > until the user reaches the last page and I insert all the info into a table > called "tempmembers" with an extra timestamp field which I use to verify > email addresses. The user gets an email saying click here to verify your > membership with the username and timestamp in the URL. The users clicks it, > and I run a SQL command that copies the row from "tempmembers" into the > "members" table. > > This process worked well for a while until I discovered if users enter a > single or double quote into any of the fields, it fecks everything up. So I > added an addslashes command but it's all getting a bit hairy so I was > looking for some advice on MySQL temporary tables for either using after > every form or at the end of all the forms. > > Or does anyone have any other method I could use??? Thanks for any help > you might have. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
