Its funny the problem i am encountering.
When i send a text into the database by using the text or textarea form element, i then try to retrieve that text back and place it into that same textfield or textarea, i encounter problems.
To explain the problem in a shorter way, assuming i have a text value stored in a variable as shown below, and i want to place that text value inside a textarea or a textfield i will encounter problems as shown below:
$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there"
It will appear cut if i tried to retrieve these texts and place them back in the textfield or textarea.
I know its because i tried to echo everything out i.e.
echo "<input type='text' name='textfield' value='".$value."'/>";
echo '<input type="text" name="textfield" value="'.$value1.'"/>';
They will not show the textfield containing the full text as the text will be truncated.
I have tried all means to find a solution to this problem and it just doesnt seem to work.
This certainly can pose some security threat esp when a user does some registration using a username that contains even the (`) character. pls can someone help me solve this problem by telling me what to do?
Textarea, and textfield problems
Moderator: General Moderators
Re: Textarea, and textfield problems
wrap it in htmlentities()
Code: Select all
$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there";
echo '<input type="text" name="textfield" value="'.htmlentities($value).'"/>';
echo '<input type="text" name="textfield" value="'.htmlentities($value1).'"/>';Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: Textarea, and textfield problems
Function to escape text for MySQL queries
Function to escape text for use in HTML
Note that you need to use ENT_QUOTES in htmlentities when you're putting it in a '-quoted attribute. It's not necessary for "-quoted attributes.
Function to escape text for use in HTML
Code: Select all
$text = "This text has \"s, 's, and `s.";
$query = "INSERT INTO table (a, b, c) VALUES (1, 2, '" . mysql_real_escape_string($text) . "')";
?>
<input type="text" name="textfield1" value="<?php echo htmlentities($text); ?>" />
<input type='text' name='textfield2' value='<?php echo htmlentities($text, ENT_QUOTES); ?>' />- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: Textarea, and textfield problems
I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Re: Textarea, and textfield problems
Exactly what he posted, yeah there aren't any problems. But when reversed there are.AbraCadaver wrote:I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.
Code: Select all
<input type='text' name='textfield' value='We weren't supposed to go there'/>Code: Select all
<input type="text" name="textfield" value="We said "We are going there" yesterday"/>Re: Textarea, and textfield problems
Thanks Gees!
Never would it have occurred to me on using the htmlentities as a workaround. I'll try it when i hit the app environment.
Thanks Again
Never would it have occurred to me on using the htmlentities as a workaround. I'll try it when i hit the app environment.
Thanks Again