Page 1 of 1
hidden input fields
Posted: Wed Nov 16, 2005 9:19 am
by s.dot
I want to allow HTML to be passed in a varible that I have inside a hidden input field. however i'm having problems with quotes
lets say I enter this
then I want to pass this through a form and stick it in a hidden input field
it shows up like this
Code: Select all
<input type="hidden" name="message" value="<font color=\"red\">text!</font>">
I thought that would be OK since the " are escaped with a \
but on the webpage it shows up like this
like the " is ending the field
Posted: Wed Nov 16, 2005 9:27 am
by s.dot
is the only way to do it is to use htmlentities() to pass it and to insert it into the DB, then when I need it displayed on the webpage to use html_entity_decode() ?
Posted: Wed Nov 16, 2005 9:30 am
by Grim...
Code: Select all
<input type="hidden" name="message" value="<font color=||||red||||>text!</font>">
Code: Select all
$message = str_replace("||||", "\"", $message);
Posted: Wed Nov 16, 2005 9:33 am
by JAM
Or by using
base64_encode before and
base64_decode after doing the magic with it. Or similiar...
Posted: Wed Nov 16, 2005 9:36 am
by s.dot
Well i seemed to work it out using htmlentities()
However, it's showing up as HTML in the database (which is OK, im just wondering why its doing it)
the value I'm POSTing looks like this
Code: Select all
<input type="hidden" name="message" value="<font color="red">text!</font>">
OK, cool, that's what I expected it to do.
Here's how I'm processing this POST value
Code: Select all
$message = mysql_real_escape_string(me_strip_css(me_strip_js(stripslashes($_POST['message']))));
the functions me_strip_css and me_strip_js is only preg_replace-ing values.
When I submit this form, it shows up in the database as HTML and not the entities that I passed. How come?