php from database into text input field—what's wrong?

someguyhere
Forum Contributor
Posts: 181
Joined: Sun Jul 27, 2008 3:24 pm

Post by someguyhere »

I have the following code to pull data from MySQL:

<input type="text" name="title" value="<?php echo addslashes(get_option('title')); ?>" />

which is fine until I use quotes, such as:

This <span class="bannertitle">Title</span>

I tried escaping it with addslashes, but it still breaks the page that the data is displayed on. (It's displayed in an admin page within WordPress, but it works fine where the data is used on the front end.) This is the code output in the admin page:

<input type="text" name="title" value="This<span class="bannertitle">Title</span>" />

Which looks like this:

Image

How can I fix this?
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: php from database into text input field—what's wrong?

Post by requinix »

addslashes() should almost never be used. It's not the right function for whatever purpose you may have.

Here you should be using htmlspecialchars instead.
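
The difference discussed in this thread, as an added example that is not part of the original posts: a backslash does not escape a quote inside an HTML attribute, so the addslashes() output still ends the value at the first double quote, while htmlspecialchars() encodes it as an entity. The value of $title is a constructed stand-in for what get_option('title') returns, and render_title_input() and parsed_value() are hypothetical helper names.

```php
<?php
// Constructed sample value standing in for what get_option('title') returns.
$title = 'This <span class="bannertitle">Title</span>';

// Hypothetical helper: build the input element, passing the value through $escape.
function render_title_input(string $value, callable $escape): string
{
    return '<input type="text" name="title" value="' . $escape($value) . '" />';
}

// Hypothetical helper: parse the markup with an HTML parser and return the
// value attribute the input element actually ends up with (needs ext-dom).
function parsed_value(string $html): ?string
{
    libxml_use_internal_errors(true);   // the broken variant produces parse warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

$escapers = [
    // Adds backslashes before quotes; HTML does not treat "\" as an escape.
    'addslashes' => 'addslashes',
    // Encodes & < > " ' as entities, which the parser decodes back to the text.
    'htmlspecialchars' => fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),
];

foreach ($escapers as $name => $escape) {
    $html = render_title_input($title, $escape);
    $seen = parsed_value($html);

    echo $name, "\n";
    echo '  markup:     ', $html, "\n";
    echo '  value seen: ', var_export($seen, true), "\n";
    // The field is correct only if the parsed value equals the stored string.
    echo '  round-trip: ', ($seen === $title ? 'intact' : 'BROKEN'), "\n\n";
}
```

Inside WordPress admin code, esc_attr() is the built-in function for escaping a value placed in an HTML attribute.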