I have a data entry point that is for an items cost; however if the $ is used in the data entry, the db does not accept it since the column is decimal (4,2) therefore I need to strip any $ or lb signs in from this before submitting to the db.


$strippeddata = explode("$",$textfieldname);


Can I use this to accomplish what I need?

Go with str_replace().

IE:

str_replace('$', '', $textfieldname);

So fo example the data is submitted via form (text area name is textfieldname) and before it is submitted to the db I want to do:


$var = str_replace('$', '', $textfieldname);

$query = "INSERT INTO foo VALUES cost=$var";


And the db will contain the data without the $ correct? Now what about removing a euro sign, is there a way to strip it in the same function or do you have to do 2 separate str_replaces?

Thanks!
Scott Z.

If you use it many times, you could make a single function out of it. Otherwise its not worth it.function stripCurrencySigns($value)
{
$value = str_replace('$', '', $value);
$value = str_replace('€', '', $value);
return $value;
}And then..$strippeddata = stripCurrencySigns($textfieldname);

Excellent, just what I was looking for. :) Thanks guys!

Scott Z.

That works beautifully!

Here are a couple of follow-up questions.

I have a form that has 5 inputs fields. Is there a way to run all of them through the strip function without specifying each one? Right now it looks like this:

$cost1 = strip($cost);
$from1 = strip($from);
$qty1 = strip($qty);
$common1 = strip($common);
$scientific1 = strip($scientific);


It would be nice to be able to somehow pass the whole form through my strip function?

Second question, if a value has a ' in it, the form does not input into the db so I guess I need to add slashes to it and then when retrieved, remove the slashes.

I have this in my strip function:


$value = str_replace("'", "\'", $value);


Which works great however I am curious why I do not have to strip the \ when the data is retrieved from the DB?

Thanks!
Scott Z.

It would be nice to be able to somehow pass the whole form through my strip function?

You can do this:

foreach ($_POST AS $_key => $_value)
{
$_POST["$_key"] = strip($_value);
}


Second question, if a value has a ' in it, the form does not input into the db so I guess I need to add slashes to it and then when retrieved, remove the slashes.

PHP has two built in functions called addslashes() and stripslashes(). They do exactly what they say and they take a string value.

So like:

$new_value = addslashes($old_value)

And then when displaying it:

$new_value = stripslashes($old_value)

But, if you have the magic_quotes_gpc enabled, do not use these functions!

To find out if you have this enabled, do this:

<?php

phpinfo();

?>

And search for magic_quotes_gpc and make sure it is off. If it is on, you do not need to run it through those functions. If it is on, don't run those functions.

Also, put this at the top of your file:

set_magic_quotes_runtime(0);

That will make sure that quotes aren't added/removed when performing a database query.

I appreciate the bit of education!

When I add this funtion to pass the whole for through my strip function, I can leave the variable names for the INSERT query the same as the form object names correct?

So magic_quotes_gpc is ON and magic_quotes_runtime is off. So are you saying that I shouldn't use the foreach you posted to run the whole form through my strip function?

Thanks again,
Scott Z.

I appreciate the bit of education!

When I add this funtion to pass the whole for through my strip function, I can leave the variable names for the INSERT query the same as the form object names correct?

That foreach() loop I posted will keep the same array keys as before, if that is what you were asking.

So magic_quotes_gpc is ON and magic_quotes_runtime is off. So are you saying that I shouldn't use the foreach you posted to run the whole form through my strip function?

The foreach loop I posted will run your custom function that strips out the currency symbol. But, you shouldn't use addslashes().

More info: magic_quotes_gpc stands for Get, Post, and Cookie. Those arrays are run through the addslashes() already if you have it enabled, and thus doing it twice is bad. I think that you still need to run stripslashes(), but I'm not sure... make a simple PHP script with a form and test it with both cases. (By the way, if you ever use the $_REQUEST array, it is a merger of the $_POST, $_COOKIE and $_GET superglobals ;))

Ok, so I am learning still.

Since magic_quotes_gpc is on, I don't need to run any of my form data through $_POST?

Also that is why one of my recent changes makes since but something don't make since. As mentioned above, if a ' was passed through a form, the db would not accept any data so in my function I do a str_replace("'" , "\'", $value); which then allows the data to enter the db, but in the db it doesn't have the \. So my question is (for my own education) if addslashes() and stripslashes() are a part of magic_quotes_gpc then why do I have to run it through str_replace() before it is accepted into the db?

Thanks again, I really appreciate the help!
Scott Z.

You shouldn't have to do do that at all.

Here's a few examples:

magic_quotes_gpc is on

// PHP does this internally

$_POST = addslashes($_POST);
$_GET = addslashes($_GET);
$_COOKIE = addslashes($_COOKIE);

// When entering stuff into the database you'd just use this
mysql_query("UPDATE foo SET moo = '$_POST[poo]' WHERE zoo=1");

magic_quotes_gpc is off

// Since the superglobals haven't had slashes added, you need to do it yourself
mysql_query("UPDATE foo SET moo = '" . addslashes($_POST['poo']) . "' WHERE zoo=1");

Then, when you display, you need to strip slashes (I think in both cases).

Now, magic_quotes_runtime is a PHP directive that will addslashes() when performing a database query. Thus, you need to run:

set_magic_quotes_runtime(0);

This will turn it off, whereas magic_quotes_gpc can not be set at runtime (in a PHP file).

In short, you don't need the str_replace() to strip and add the slashes as there are already functions to do that.

Ok, so I just continue to run my forms through $_POST:


$textfield = $_POST['textfield'];


And that will handle the addition of the slashes.

Thanks!