PHP simple : PHP tutorial, MySQL tutorial
PHP Tutorial - Free PHP Script

Home | Tutorials | Php vs Node.Js | Web Tools

Input - Output String Functions


Tutorials > Input - Output String Functions

This tutorial is showing some functions that you need to use for your inputing form (as text field, text area) because, it is not security to receive string datas and input them directly into your database. Some special characters as ", ' , may be stop your SQL commands or damage your database structure and as the gateway for hackers to hack your website.

  • ' and " are using in PHP structures as open or close string structures.
  • using in PHP for escape or cross the PHP structure characters behind it.
    Ex. <? echo "He said "Hello Marry."."; ?>
    Result : He said "Hello Marry".

addslashes

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash () and NUL (the NULL byte). Apply this function to your string variables before put them into your database.

Syntax :

string addslashes ( string str )

stripslashes

Apply this function to your string variables included with "" before output them with echo or print commands. This function using for un-quote string quoted with addslashes(). Returns a string with backslashes stripped off. (' becomes ' and so on.) Double backslashes () are made into a single backslash ().

Syntax :

string addslashes ( string str )

nl2br

This function using for string variables included with line breaks from text area. Using it for inserts HTML line breaks '<br />' before all newlines in a string.

Syntax :

string nl2br ( string str )

htmlspecialchars

Syntax :

htmlspecialchars ( string string [, int quote_style [, string charset]] )

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application. The optional second argument, quote_style, tells the function what to do with single and double quote characters.

The translations performed are:

  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;'
  • ''' (single quote) becomes '&#039;'
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'

Tutorial

This tutorial contains 3 files and 1 table in MySQL database.

  1. post.html. This file is including with a simple form. [file information]
  2. post.php. This file is the parameter receiver from post.html and put them into database. Then re-direct to show.php [file information]
  3. show.php. Show data records from database. [file information]
  4. Create database "tutorial" and table "guestbook" with 5 fields: id(auto_increment), name(varchar, 50), email(varchar, 50), note(longtext), datetime(datetime)

The main page for this tutorial is show.php. First, browse this file and click on "Add New>" link on the top to sign-up a new record at post.html then you submit form, it goes to post.php and re-direct to this file again. The new record you just put will be appear at the first record in this page.

show.php

Show data records using:
- stripslashes();
- nl2br();
- htmlspecialchars();

Re-directlink

post.php

Receive parameters and put into database, using:
- addslashes();

Submit

post.html

HTML file with a form.

Summary:

  • You need to use addslashes(); function every time for string variables before you put it into your database like this;

    Ex.

    $a="String from in-put Form Fields as text fields or text areas";
    addslashes($a);
    mysql_query("insert into table(a) values('$a') <== Put it to your database.

  • Use stripslashes();, nl2br(); and htmlspecialchars(); for out-put string data from your database.

    Ex.

    $a="String values from your database";
    echo nl2br(stripslashes(htmlspecialchars($a))); <== Use 3 functions in 1 line.
*** Make it powerful by Function ***

Make a function in your webpage. You can use it anytime for out-put string records from your database.

function fixstring($string){
$string=nl2br(stripslashes(htmlspecialchars($string)));
return $string;
}

$a="String values from your database";
echo fixstring($a); <== Use fixstring(); function by put the value and get back the results.

Advertise
Put Ebay RSS Feeds onto your website
SEO Elite Software
Domain Dashboard CPanel & Seo Manager
Work at Home Ideas and Opportunities
Introduction & Get Start
Using Form
PHP
PHP Tags
PHP Variables
PHP Control Structures
MySQL
Create Database & Table
Database Connection
Insert Record
Select Record
Update Record
Delete Record

PHPsimple.net
info@phpsimple.net