Smart Quotes = ‘ ??

For some reason, when i submit a textfield with this: [quote]“spies” ‘ticket’[/quote] as the value through a POST form, then insert it into a mysql table, this is what ends up in the table: [quote]‘spies’ “ticket”[/quote]

To sanitize my forms i use this:

[code]function safe_string($str)
{
if (get_magic_quotes_gpc())
$str = stripslashes($str);

//tried this to replace the smart quotes..  no good. :(
$search = array('‘','’','“','”');
    $replace = array("'","'",'"','"');
$str = ereg_replace($search, $replace, $str);

return mysql_real_escape_string(trim($str));
}[/code]

Anyone know why this might be happening? My table is using "latin1 -- cp1252 West European" as the charset, and i checked PHP, it's using UTF8..  it's breaking my brain since i've been messing with this for about 10 hours now and I still can't figure it out..

If you print_r $_POST, do you see the smart quotes, or the combination of special characters?

i see the smart quotes..

if i print_r the query it'self then manually run the query, it ends up looking right in the database, but if php runs the query, it's the 3 chars instead of the smart quotes.. 

Latin 1 - 1252 has:

[quote]
91 2018 LEFT SINGLE QUOTATION MARK
92 2019 RIGHT SINGLE QUOTATION MARK
93 201C LEFT DOUBLE QUOTATION MARK
94 201D RIGHT DOUBLE QUOTATION MARK
[/quote]

Try:

[code]
$str = preg_replace('/[\x91-\x92]/', "'", $str);
$str = preg_replace('/[\x93-\x94]/', '"', $str);
[/code]

strangely..  that didn't do the trick..  :S

i get the impression PHP is somehow encoding the string strangely or maybe the form is..  eitherway, i don't get it. :(

Take a look at [url=http://shiflett.org/archive/165]this article[/url]. It may be of some help.

Ken

that was actually the first thing i tried.. :(

i checked the query and even with both those methods being used, “spies” ‘ticket’ still ends up being the resulting string..

this is perplexing..

If PHP is using UTF-8, you may need to utf8_decode the $_POST string before running the replace.

closer!!

haha

now it does: [code]?spies? ?ticket?[/code]

dagnabbit.

i guess no one else has any ideas?

I've pretty much exausted all my ideas, i tried toying around in php.ini and httpd.conf to see if it would do anything..

maybe i should use mbstring ?

Are you specifying the charset in your meta? This works for me:

[code]
<meta charset="cp1252">
<pre>
<?php
print_r($_POST);
foreach ($_POST as $k => &$v) {
$v = preg_replace('/[\x93-\x94]/', '"', $v);
}
print_r($_POST);
?>
</pre>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<textarea name="test"><?php echo "\x93test\x94"; ?></textarea>
<input type="submit"/>
</form>
[/code]

omg! that's it!!

THAT's what it was..  the page's content type. ack, i just copied/pasted it from another page.. ehhh

[code]<meta http-equiv="Content-Type" content="text/html; charset=utf-8">[/code]

every other site on my server uses

[code]<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">[/code]

Which explains why this problem has never cropped up on me.. :P