Page 1 of 2
Quotes in Text Boxes
Posted: Thu Jul 20, 2006 5:41 pm
by icesolid
How can I escape quotes in a text box. Everytime I display data to a user that has quotes in it, the rest of the data after the quotes does not show up.
Posted: Thu Jul 20, 2006 5:43 pm
by Benjamin
Posted: Thu Jul 20, 2006 5:47 pm
by Burrito
htmlentities will turn a quote into the html version """ if you just want to escape them (by adding a backslash in front) take a look at
addslashes()
Posted: Thu Jul 20, 2006 5:56 pm
by Benjamin
I think he's talking about an input text box. Adding slashes wouldn't fix it.
You can use
Code: Select all
$varName = html_entity_decode($varName);
to change them back..
Posted: Thu Jul 20, 2006 6:28 pm
by RobertGonzalez
Why won't addslashes work? It sounds like the quotes aren't getting escaped?
Posted: Thu Jul 20, 2006 6:36 pm
by Benjamin
Code: Select all
<input type="text" name="sample" value="Mike said, \"I am escaped\"" />
Posted: Thu Jul 20, 2006 6:38 pm
by RobertGonzalez
Sorry, I totally did not understand that post to mean default values. I thought he meant when the form was posted. My bad.
Posted: Thu Jul 20, 2006 6:40 pm
by Benjamin
I'm assuming that is what he means because if he was trying to insert it into a database he would be asking why mysql is throwing errors instead.
Posted: Thu Jul 20, 2006 6:42 pm
by RobertGonzalez
What if he was posting form data to the screen only? I have no idea why I would think that, but that is what I thought.
Posted: Thu Jul 20, 2006 6:43 pm
by Benjamin
I dunno maybe we should ask him.

Posted: Thu Jul 20, 2006 6:45 pm
by RobertGonzalez
That would be the smart thing to do, but I was having fun playing volleypost with you.

Posted: Fri Jul 21, 2006 2:55 am
by JayBird
Everah wrote:What if he was posting form data to the screen only? I have no idea why I would think that, but that is what I thought.
That's what i think he means!
Posted: Fri Jul 21, 2006 3:46 am
by RobertGonzalez
Hey hey, so I'm not the only one who thought that. Cool.
Posted: Fri Jul 21, 2006 3:47 am
by Benjamin
What do you guys mean, "Posting data to the screen"? Like in a textbox?
Posted: Fri Jul 21, 2006 6:53 am
by AngryPanda
I believe he means...
Code: Select all
$str = ' oh no " , <this> is going to get "messed up && >>"';
echo '<input type="text" value="' . $str . '">';
# which would break it, so you gotta entities it ( not decode the entities )
echo '<input type="text" value="' . htmlentities($str) . '">';
Although most likely it's in a textarea and not input type text, the point gets across...