Quote escaping errors in fields

  • richplane

    (@richplane)


    12 years, 7 months ago

    The system doesn’t seem to be able to cope with quotes or apostrophes appearing in field names. When we see it either in the Registration Form Settings page of the admin area or live on the form the quotes are preceded by a backslash.

    Editing the field and leaving the backslash in place results in the backslash getting escaped as well. So “Enter your cat’s name” becomes “Enter your cat\’s name” and then “Enter your cat\\\’s name” and so on.

    Must be a problem with escaping the data, clearly – are you using mysql_real_escape_string before writing to the DB?

    I’ve checked your code – hope you don’t mind. It looks like you’re using the WordPress function sanitize_key() – the documentation for which says “Lowercase alphanumeric characters, dashes and underscores are allowed” – so it’s clearly not appropriate to sanitize full text input with spaces, quotes and all sorts. But that may not be what’s going on – and I certainly couldn’t fix it myself.

    Hope that’s useful
    Rich

    http://wordpress.org/plugins/simplr-registration-form/

The topic ‘Quote escaping errors in fields’ is closed to new replies.