Double quote injection problem with mySQL and PHP


Double quote injection problem with mySQL and PHP

Post by lauthiamkok »

Hi,

I have no problem injecting texts that come with quotes into my database (I think), for instance,

I'd like to say "Hello"

the problem is, when I come to edit this text (title) again, in the input field, it only shows this,

I'd like to say

the double quotes are missing. I think it is because of this - value="" which has double quotes,

<input name="pg_title" type="text" value="<?php echo $row_page['pg_title'];?>"/>

How can I fix this problem?

Many thanks,
Lau

Re: Double quote injection problem with mySQL and PHP

Post by pickle »

Wrap what you echo in htmlentities().
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
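
The fix suggested above, shown next to the original line, as an added example that is not part of the thread. It assumes PHP with the DOM extension; `$row_page` holds constructed sample data, and `attr()` and `parsed_value()` are hypothetical helper names. Encoding on output also keeps stored text from being interpreted as markup when it is echoed into the page.

```php
<?php
// Added example, not code from the thread. $row_page is constructed sample
// data standing in for the row read back from the database.
$row_page = ['pg_title' => 'I\'d like to say "Hello"'];

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
// ENT_QUOTES encodes both " and ', so the value cannot end the attribute
// whichever quote style the template uses. Before PHP 8.1 the default flags
// encoded only double quotes, so the flags are passed explicitly.
function attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: parse the markup and return the value the <input>
// ends up with, i.e. what the edit form would show.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true); // collect parse errors instead of warning
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// Before: raw echo, as in the question. The first " inside the title closes
// value="..." early, so the rest of the title falls outside the value.
$before = '<input name="pg_title" type="text" value="' . $row_page['pg_title'] . '"/>';

// After: the same line with the value encoded on output.
$after = '<input name="pg_title" type="text" value="' . attr($row_page['pg_title']) . '"/>';

foreach (['before' => $before, 'after' => $after] as $label => $html) {
    echo $label, ' markup: ', $html, PHP_EOL;
    echo $label, ' parsed: ', parsed_value($html), PHP_EOL;
}

// The database keeps the original text; encoding happens only when the value
// is written into HTML. This compares the parsed value with the stored title.
var_dump(parsed_value($after) === $row_page['pg_title']);
```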

Re: Double quote injection problem with mySQL and PHP

Post by lauthiamkok »

pickle wrote: wrap what you echo in htmlentities()

Got it! Thanks, it works fine now :D