hidden input fields

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

hidden input fields

Post by s.dot »

I want to allow HTML to be passed in a varible that I have inside a hidden input field. however i'm having problems with quotes

lets say I enter this

Code: Select all

<font color="red">text</font>
then I want to pass this through a form and stick it in a hidden input field

it shows up like this

Code: Select all

<input type="hidden" name="message" value="<font color=\"red\">text!</font>">
I thought that would be OK since the " are escaped with a \

but on the webpage it shows up like this

Code: Select all

text!">
like the " is ending the field
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

is the only way to do it is to use htmlentities() to pass it and to insert it into the DB, then when I need it displayed on the webpage to use html_entity_decode() ?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Code: Select all

<input type="hidden" name="message" value="<font color=||||red||||>text!</font>">

Code: Select all

$message = str_replace("||||", "\"", $message);
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Or by using base64_encode before and base64_decode after doing the magic with it. Or similiar...
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Well i seemed to work it out using htmlentities()

However, it's showing up as HTML in the database (which is OK, im just wondering why its doing it)

the value I'm POSTing looks like this

Code: Select all

<input type="hidden" name="message" value="<font color="red">text!</font>">
OK, cool, that's what I expected it to do.
Here's how I'm processing this POST value

Code: Select all

$message = mysql_real_escape_string(me_strip_css(me_strip_js(stripslashes($_POST['message']))));
the functions me_strip_css and me_strip_js is only preg_replace-ing values.

When I submit this form, it shows up in the database as HTML and not the entities that I passed. How come?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Post Reply