Larry Ullman's Book Forums


marileejean's Achievements


Newbie (1/14)



  1. You are right! Thank you for the excellent & very quick response! I added stripslashes() to both places and now the pages are looking lovely.
  2. Hi all, I've created a search page on my website with pagination from the book. If a search is entered with an apostrophe, the first time the search page (and sticky form value) is loaded, it looks fine, but as you click on each of the page links, the apostrophe is escaped again, adding slashes into the form value and the url:

     Initial search of Mother's Day: http://aqualee.com/n...=Mother%27s+Day

     After clicking back & forth on the previous/next page links a couple times: http://aqualee.com/new/search.php?keyword=Mother\\\\\\\'s%20Day&s=6&p=2

     My best guess is that it's applying htmlspecialchars (for the page title & form value) and/or mysqli_real_escape_string (for the keyword in the url) with each page load, but I can't figure out the logic in how to avoid that while keeping the data safe. This update to my site is my first foray into PHP or SQL, and I have as much experience in programming as a semester in C++ can give you.

     Here's the relevant code (I think!)...

     $show_keyword is set and used in the title and form value here

     ```php
     // set page title
     if (isset($_GET['keyword'])) {
         $show_keyword = htmlspecialchars($_GET['keyword']);
     }
     $page_title = 'Search results for '.$show_keyword.' greeting cards by Aqua Lee';
     include ('header.html');

     // create text form to search with sticky value
     echo '<form action="search.php" method="GET">
     <label>Search: <input type="text" name="keyword" size="20" maxlength="50" value="'.$show_keyword.'" /></label>
     <input type="submit" value="Search" /></form>';
     ```

     $search_term is set & escaped here

     ```php
     // validate and secure user entry
     if (!empty($_GET['keyword']) ) {
         $search_term = mysqli_real_escape_string($dbcon, trim($_GET['keyword']) );
     }
     ```

     $search_term is used in the urls where extra slashes show

     ```php
     # create pagination links
     // Make the links to other pages, if necessary.
     if ($pages > 1) {
         echo '<br /><p>';
         $current_page = ($start/$display) + 1;

         // If it's not the first page, make a Previous button:
         if ($current_page != 1) {
             echo '<a href="search.php?keyword='.$search_term.'&s=' . ($start - $display) . '&p=' . $pages. /*. '&sort=' . $sort . */'">Previous</a> ';
         }

         // Make all the numbered pages:
         for ($i = 1; $i <= $pages; $i++) {
             if ($i != $current_page) {
                 echo '<a href="search.php?keyword='.$search_term.'&s=' . (($display * ($i - 1))) . '&p=' . $pages./* . '&sort=' . $sort . */'">' . $i . '</a> ';
             } else {
                 echo $i . ' ';
             }
         } // End of FOR loop.

         // If it's not the last page, make a Next button:
         if ($current_page != $pages) {
             echo '<a href="search.php?keyword='.$search_term.'&s=' . ($start + $display) . '&p=' . $pages./* . '&sort=' . $sort . */'">Next</a>';
         }

         echo '</p>';
     }
     ```

     Can you tell me where the redundancy is, if that's the problem? Do I even need to escape the form input if I'm just displaying it in the title or in the form? I read about some similar problems with apostrophe, and magic quotes were suggested to be the culprit...they are turned off in my php.ini file.

     Thanks for taking a look!!

     -Marilee
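
The question in the post above comes down to applying each kind of escaping only at the point of use. The following is an added example, not code from the thread or the book: it keeps the keyword raw, URL-encodes it for links, HTML-escapes it for output, and binds it in a prepared statement for SQL. The function names, the `cards` table and its `title` column are hypothetical, and `addslashes()` stands in for `mysqli_real_escape_string()` (it behaves the same for this input) so the script runs without a database.

```php
<?php
// Added example; function names, the `cards` table and its `title` column are hypothetical.

// SQL context: bind the raw keyword in a prepared statement (not called here; needs a live DB).
function find_cards(mysqli $dbcon, string $keyword): mysqli_result
{
    $stmt = $dbcon->prepare('SELECT title FROM cards WHERE title LIKE ?');
    $like = '%' . $keyword . '%';
    $stmt->bind_param('s', $like);
    $stmt->execute();
    return $stmt->get_result();
}

// URL + HTML context: URL-encode the raw keyword, then HTML-escape the finished href.
function page_link(string $keyword, int $start, int $pages, string $label): string
{
    $query = http_build_query(['keyword' => $keyword, 's' => $start, 'p' => $pages]);
    $href  = htmlspecialchars('search.php?' . $query, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Simulate a click: undo the HTML escaping as a browser would, then parse the query string.
function keyword_after_click(string $link): string
{
    preg_match('/href="([^"]*)"/', $link, $m);
    $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params['keyword'];
}

$raw = "Mother's Day"; // constructed sample, standing in for trim($_GET['keyword'])

// Correct flow: the raw keyword survives any number of page clicks unchanged.
$keyword = $raw;
for ($i = 0; $i < 5; $i++) {
    $keyword = keyword_after_click(page_link($keyword, 6, 2, 'Next'));
}
echo "raw keyword in links:     ", $keyword, "\n";

// Flow from the post: the SQL-escaped value is written into the link and escaped again on each load.
// addslashes() stands in for mysqli_real_escape_string(), which needs a connection.
$escaped = $raw;
for ($i = 0; $i < 3; $i++) {
    $escaped = addslashes($escaped);
}
echo "escaped keyword in links: ", $escaped, "\n";

// Sticky form value: HTML-escape the raw keyword only at output time.
echo '<input type="text" name="keyword" value="' . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . '" />', "\n";
```

Run it with `php` on the command line to compare the keyword after repeated clicks in both flows.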