Quotes in Text Boxes

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

icesolid
Forum Regular
Posts: 502
Joined: Mon May 06, 2002 9:36 pm
Location: Buffalo, NY

Quotes in Text Boxes

Post by icesolid »

How can I escape quotes in a text box. Everytime I display data to a user that has quotes in it, the rest of the data after the quotes does not show up.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Code: Select all

$string = htmlentities($string);
Last edited by Benjamin on Thu Jul 20, 2006 5:58 pm, edited 1 time in total.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

htmlentities will turn a quote into the html version """ if you just want to escape them (by adding a backslash in front) take a look at addslashes()
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I think he's talking about an input text box. Adding slashes wouldn't fix it.

You can use

Code: Select all

$varName = html_entity_decode($varName);
to change them back..
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Why won't addslashes work? It sounds like the quotes aren't getting escaped?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Code: Select all


<input type="text" name="sample" value="Mike said, \"I am escaped\"" />

User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Sorry, I totally did not understand that post to mean default values. I thought he meant when the form was posted. My bad.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I'm assuming that is what he means because if he was trying to insert it into a database he would be asking why mysql is throwing errors instead.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

What if he was posting form data to the screen only? I have no idea why I would think that, but that is what I thought.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I dunno maybe we should ask him. :)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

That would be the smart thing to do, but I was having fun playing volleypost with you. :twisted:
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

Everah wrote:What if he was posting form data to the screen only? I have no idea why I would think that, but that is what I thought.
That's what i think he means!
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Hey hey, so I'm not the only one who thought that. Cool.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

What do you guys mean, "Posting data to the screen"? Like in a textbox?
AngryPanda
Forum Newbie
Posts: 16
Joined: Wed Jul 19, 2006 12:18 am

Post by AngryPanda »

I believe he means...

Code: Select all

$str = ' oh no " , <this> is going to get "messed up && >>"';

echo '<input type="text" value="' . $str . '">';

# which would break it, so you gotta entities it ( not decode the entities )

echo '<input type="text" value="' . htmlentities($str) . '">';

Although most likely it's in a textarea and not input type text, the point gets across...
Post Reply