Punctuation Marks in PHP Text Boxes

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am not a PHP user; I manage the server/ network for our business.  
We've employed web developers (chosen because they're friends of the  
MD) to build us a site and they've used PHP & MySQL to do it.  

The problem we have is that if we use an apostrophe when writing a  
product description or product title in the back office of our site,  
when that data is then used or carried through to another part of the  
site eg. a live product page or an order summary page, the apostrophe  
has a backslash before it. We have run into other issues with the use  
of various punctuation marks in the text fields of the back end of the  
site and have always been told by the developers that it is a fault of  
PHP and is common with PHP text fields.

Now, as I said, I'm not a PHP user and certainly no expert. But I have  
installed and used Mambo Server, Wordpress, phpBB and a couple of other  
PHP MySQL products through my own curiosity and have done so  
successfully and have never experienced any of the issues we seem to be  
facing with these text boxes. I am growing increasingly suspicious of  
the level of competence of the developers and feel that they are making  
excuses for their inability. Can anyone tell me, from what  I've said  
here, whether my suspicions are justified or is it the case that PHP is  
limited in these areas?

Any help/ advice would be really appreciated,



Re: Punctuation Marks in PHP Text Boxes

pihkal23 wrote:

Quoted text here. Click to load it

Get better developers.
Or tell these bunch to use the stripslashes() function as can be found at  

If they fall for that trick you might try some SQL-injection too. :P
Probably works.
Google for details.

Erm well, bottomline: If this app is anywhere critical for your business,  
get better developers, or at least 1 good developer inhouse.
Seriously, you don't want some smartass to hijack your SQL-server with  
orders and creditcardnumbers, or whatever it is you store in there, by  
doing some basic SQL-injection, do you?

Erwin Moller

Quoted text here. Click to load it

Re: Punctuation Marks in PHP Text Boxes

Erwin is right and this problem should be trivial for any competent php
programmer to figure out. You can read more about it at the link below.
It's not a fault of PHP.


Re: Punctuation Marks in PHP Text Boxes

On Wed, 08 Feb 2006 06:10:53 -0500, <pihkal23> wrote:

Quoted text here. Click to load it

It is common for fledgling would-be php developers to struggle with  
escaped quotes/apostrophes in their output -- this is a problem of  
incompetence with php, not an incompetence -of- php ;)

Quoted text here. Click to load it

Again, php isn't limited in these areas.  There's an option in php.ini,  
magic_quotes_gpc, that automatically escapes things when enabled and can  
be a bit confusing if you don't know it's happening -- but this can be  
turned off if you have access to php.ini or worked around if you're a  
developer without access to php.ini.  Tell them to run a google search for  
magic_quotes_gpc and a search of php.net for 'stripslashes'.

You're justified in questioning their competence -- they sound pretty lost  
to me.  They're either making up excuses for their inability or they're  
foolish enough people to use a scripting language they believe is  
incapable of outputting clean text -- either way, it says little for them  
by way of competence ;)


A Web based regular expressions powered find/replace utility

Re: Punctuation Marks in PHP Text Boxes

On 2006-02-08 11:10:53 +0000, pihkal23 said:

Quoted text here. Click to load it

Thank you for your responses, the links you provided certainly made  
things clearer for me. I will be speaking to our developers tomorrow  
but I think I need to start making some enquiries with some other  

Thanks again,


Re: Punctuation Marks in PHP Text Boxes

On 2006-02-08, pihkal23 <pihkal23> wrote:
Quoted text here. Click to load it

Ask the proogrammers to fix it, if they can't replace them.
don't tell us the URL of the site, it's quite possibly
horribly insecure.


Site Timeline