
php from database into text input field—what's wrong?

Posted: Sun Dec 21, 2014 9:37 pm
by someguyhere
I have the following code to pull data from MySQL:

<input type="text" name="title" value="<?php echo addslashes(get_option('title')); ?>" />
which is fine until I use quotes, such as:

This <span class="bannertitle">Title</span>
I tried escaping it with addslashes, but it still breaks the page that the data is displayed on. (It's displayed in an admin page within WordPress, but it works fine where the data is used on the front end.) This is the code output in the admin page:

<input type="text" name="title" value="This<span class="bannertitle">Title</span>" />
Which looks like this:

Image

How can I fix this?

Re: php from database into text input field—what's wrong?

Posted: Mon Dec 22, 2014 1:20 am
by requinix
addslashes() should almost never be used. It's not the right function for whatever purpose you may have.

Here you should be using htmlspecialchars instead.
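
The difference between the two functions in an attribute context, as an added example that is not code from either poster: it escapes the same title both ways and shows where an HTML parser ends the value attribute. The variable $stored is a constructed stand-in for what get_option('title') returns, and attribute_as_parsed() is a hypothetical helper written for this illustration.

```php
<?php
// Constructed stand-in for what get_option('title') returns in the thread.
$stored = 'This <span class="bannertitle">Title</span>';

// Hypothetical helper: what an HTML parser takes as the value of value="...".
// A double-quoted attribute ends at the first literal double quote, and
// character references inside it are decoded afterwards. A backslash has no
// special meaning in HTML, so \" still closes the attribute.
function attribute_as_parsed(string $escaped): string
{
    $end = strpos($escaped, '"');
    $raw = $end === false ? $escaped : substr($escaped, 0, $end);
    return html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$escapers = [
    // SQL-style escaping: puts a backslash in front of quotes.
    'addslashes'       => fn(string $v): string => addslashes($v),
    // HTML escaping: turns & < > " ' into character references.
    'htmlspecialchars' => fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
];

foreach ($escapers as $name => $escape) {
    $escaped = $escape($stored);
    $seen    = attribute_as_parsed($escaped);
    echo $name, "\n";
    echo '  markup:      <input type="text" name="title" value="', $escaped, '" />', "\n";
    echo '  field value: ', $seen, "\n";
    echo '  intact:      ', ($seen === $stored ? 'yes' : 'no'), "\n";
}
```

Everything after the point where the attribute ends early is parsed as markup, which is why unescaped stored values in an admin page are also a script-injection risk and not only a display bug. In WordPress, esc_attr() is the helper intended for attribute values.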