views: 68
answers: 4
I have a textbox. When the user enters the " symbol, I have to strip that symbol before storing it in the database. Please help. Any help will be appreciated.

Django Code:

 postDict = request.POST.copy()
 profile = quser.get_profile()
 profile.i_like = postDict['value']  # raw textbox value, may contain '"'
 profile.save()  # save() returns None, so don't reassign profile to its result
+1  A: 

No, you need to escape the quotes, not strip them. Depending on your database, functions such as mysql_real_escape_string() will do this.

(assumption, you're using PHP because you've tagged this question "PHP")

Mark Baker
Answer given for PHP, but he's since stated that he's using Python. The answer is still good though, even though the exact method will be different. Quotes should be kept in the input, not stripped, because they can be quite legitimate as part of an input (e.g. if my surname were O'Brien, I'd be upset if you stripped the apostrophe).
Spudley
If my name was “O’Brien”, I would always use the correct typographic apostrophe symbol… :P – Also OP was talking about `"`, not a single quote sign. In general stripping invalid characters is not always bad, it just depends on the situation and expected user input.
poke
A: 

Use str_replace() for that. You might also just need to escape it, and store it in the database.

$text1 = 'He said "hi"';                   // sample input containing the quote
$text2 = str_replace('"', '', $text1);     // removing  -> He said hi
$text3 = str_replace('"', '\"', $text1);   // escaping  -> He said \"hi\"
Ruel
+1  A: 

(Python answer) You can either remove the quotes by simply replacing them in the string (by using myString.replace( '"', '' )) or – which would be a better solution – store the quotes in the database as well but just make sure that they are escaped correctly. How this works depends on your database, but “escaping” is a good keyword to search for, another would be “prepared statements” when you are using an SQL database.

poke
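To make the "prepared statements" point in the answer above concrete, here is an added example (not code from the question or from any of the answers) using Python's standard-library sqlite3 module. The table name and column are assumptions chosen to mirror the question's `profile.i_like`; the Django ORM `save()` in the question already sends the value as a bound parameter, so this block only makes visible what that does, and why stripping the quote is unnecessary:

```python
import sqlite3

# Constructed sample inputs: the kind of textbox values the question is about.
# One is a legitimate value with both quote characters; the other looks like an
# injection attempt and must end up stored as harmless text.
SAMPLE_VALUE = 'Patrick O\'Brien says "hi"'
INJECTION_VALUE = "x'); DELETE FROM profile; --"


def make_db():
    """In-memory database with a table shaped like the question's profile model."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profile (id INTEGER PRIMARY KEY, i_like TEXT)")
    return conn


def store_unsafe(conn, value):
    """String-formats the value straight into the SQL text. A single quote in
    the input terminates the literal early, so the statement breaks; this is
    the symptom that tempts people to strip quotes from user input."""
    conn.execute("INSERT INTO profile (i_like) VALUES ('%s')" % value)
    conn.commit()


def store_safe(conn, value):
    """Passes the value as a bound parameter. The driver keeps data and SQL
    apart, so the text is stored exactly as typed, quotes included, and an
    injection payload is just another string."""
    conn.execute("INSERT INTO profile (i_like) VALUES (?)", (value,))
    conn.commit()


def fetch_all(conn):
    """Return the stored values in insertion order."""
    return [row[0] for row in conn.execute("SELECT i_like FROM profile ORDER BY id")]


def demo():
    """Run both approaches on the sample data.

    Returns (error_from_unsafe_insert, rows_stored_by_safe_inserts)."""
    conn = make_db()
    try:
        store_unsafe(conn, SAMPLE_VALUE)   # the apostrophe in O'Brien breaks the SQL
        unsafe_error = None
    except sqlite3.Error as exc:
        unsafe_error = str(exc)
    store_safe(conn, SAMPLE_VALUE)         # round-trips unchanged
    store_safe(conn, INJECTION_VALUE)      # stored as plain text, nothing deleted
    return unsafe_error, fetch_all(conn)


if __name__ == "__main__":
    err, rows = demo()
    print("unsafe insert failed with:", err)
    print("rows stored via parameters:", rows)
```

The formatted query fails on a perfectly legitimate surname, while the parameterised one stores both values verbatim; the double quote the question asks about never needed special handling at all, because the driver's quoting takes care of every character.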
+1  A: 

You can use the escape function built into Django. This function returns the given HTML with ampersands, quotes and angle brackets encoded.

Example:

In [1]: from django.utils.html import escape

In [2]: escape('"test"')
Out[2]: u'&quot;test&quot;'
Dominik Szopa
That's if OP is looking for HTML encoding though, as opposed to SQL escaping.
BoltClock
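The comment above draws the line between HTML encoding and SQL escaping. This added example (not code from the page or from Django) uses Python's standard-library `html.escape`, which produces the same `&quot;` output as `django.utils.html.escape`, to show the two things a practitioner should take away: encoding belongs at output time, and encoding before storage double-encodes once a template autoescapes. The stored value is a constructed sample:

```python
import html

# Constructed sample value: stored exactly as typed (via a parameterised query
# in a real application); it is the presentation layer's job to encode it.
STORED_VALUE = 'She said "hi" & left'


def render_attribute(value):
    """Encode the raw stored value for an HTML attribute at output time.

    html.escape(quote=True) turns & " ' < > into entities, so the value cannot
    break out of the attribute or inject markup. This is the same job
    django.utils.html.escape does; it is unrelated to SQL escaping."""
    return '<input value="%s">' % html.escape(value, quote=True)


def escape_before_storage(value):
    """The failure mode of HTML-escaping at write time.

    If the value is escaped before it is stored, and the template later
    autoescapes on output (Django templates do), entities are encoded twice and
    the user sees a literal &quot; on the page."""
    stored = html.escape(value, quote=True)   # escaped when written to the DB
    return html.escape(stored, quote=True)    # escaped again when rendered


if __name__ == "__main__":
    print(render_attribute(STORED_VALUE))
    print(escape_before_storage(STORED_VALUE))
```

Keep the database copy raw and let SQL parameters protect the query; encode for HTML only where the value is rendered, and only once.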