Apostrophe problem

Hi. I'm having trouble working with an apostrophe in my Event Title field. When I add a new event, and I enter an apostrophe in the Event Title field and submit, the calendar returns the item with a "'" (slash apostrophe) instead of just the apostrophe. It shows up this way in the event listing in the calendar layout and in the title field when I want to "update" the record. But yet, if I just click on the event item in the calendar and view the event in the popup window, the apostrophe is okay (no slash).

Any idea why this is happening? I know I can use the "&#146" instead, but this is confusing for non-web people to use.

Thanks!

The next version will solve this problem (I'll send a note to Tom)

Use AddSlashes and StripSlashes before inserting into database

So it sounds like it's not something I have wrong, but something in the logic? I take it then, that it's not an easy fix.

But what do you mean by:
"Use AddSlashes and StripSlashes before inserting into database"?

Look for addslashes in the file calendar.php
such as:

and change it to:


see the following for more details:
http://se.php.net/manual/en/function.mysql-escape-string.php
http://se.php.net/manual/en/function.addslashes.php

Thank you, thank you, thank you.

THANK YOU!

Actually, since the title gets put in the database properly escaped, the problem is more likely a missing stripslashes() in the display() and edit() functions in the file ltw_classes.php.


As far as adding mysql_escape_string() calls to where the data gets written seems redundant from the two links opus provided. Plus, you have now moved db specific functions out of the ltwDb class and into the main code, making it much harder to add another db driver (if anyone is so inclined).

Thanks, prrk47002.
Can you tell me "exactly" what the syntax is that I should add to the display() and edit() functions? And where would I put it?

wherever you see an echo statement that includes $row['name'] or $row['description'], surround them with stripslashes(). ie stripslashes($row['name'])

wherever the values are gettting put in an SQL query, use addslashes() in a similar manner.

Or wait a week or so for V4 of the calendar.....

Thanks, prrk47002.
That works just fine for me. I'm new to PHP and database stuff, but I'm learning boatloads thanks to you guys.

No problem.
I was new to PHP & MySql until I needed a calendar for my web site and found ltwCalendar. Then I wanted a little change like color coded categories and Matt said "Go ahead". That's how V3 was born. Then I wanted user accounts and Matt said "Go ahead!" 21 new features later, V4 is soon to be unleashed upon the world.

(And V4.1 just behind it adding a list view, better DB use in the month display, password aging & db cleanup interface)