Need help with the htmlspecialchars function

Posted: Tue Apr 24, 2007 12:00 pm
by PastorHank
The value I am working with is "butler's ignition #37" - This data is being stored correctly in the database from my input form.

I have a lookup form that contains the following line

Code:

echo "<option value=\"".htmlspecialchars($animalid)."\">$animalid";

On the list this shows correctly as "butler's ignition #37"

If this is the record that is selected then I go to another form where the ID is echoed twice -

the first place is at the top

Code:

$animal_to_use=strip_tags(trim($_POST['bulllist']));
$text_to_use="Upload Photos For ";
$titleline=$text_to_use.($animal_to_use);

then $titleline is used

Code:

echo "<h1 align='center'>$titleline</h1>";

At this point the id is seen as "butler\'s ignition #37" with the \ added
and when I do a var_dump($animal_to_use) I get the same value "butler\'s ignition #37"

NOW I use $animal_to_use in my SELECT Statement and it works just fine and so when I echo the results from my query

I also have the id in an input field using this

Code:

echo "<tr>\n
<td align='right'><b>Animal</b></td>
<td><input type='text' name='animalid' READONLY value=\"".htmlspecialchars($animalid)."\"></td>
</tr>";

and the id in the input field is displayed correctly as 'butler's ignition #37'

I need to get a consistent result and I have to be able to work with field values that contain apostrophes and blank spaces.

Is there a better way to handle special characters such as the apostrophe, the number sign and blank spaces in field values?

I've googled htmlspecialchars and can't seem to find a lot of info on the proper way to use this function.

Thank you

Posted: Tue Apr 24, 2007 3:14 pm
by feyd
You have magic quotes on..

get_magic_quotes_gpc() + stripslashes() = Image
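
The check the reply above names, written out as an added example that is not code from the thread: strip the backslashes only when magic quotes actually added them, then escape at output time. The helper names, the constructed `$post` array and the `animals` table in the closing comment are assumptions. Once the slashes are gone the value is no longer escaped for SQL, so the query has to use a bound parameter.

```php
<?php
// Added example (not from the thread); helper names are hypothetical.

// True only where magic_quotes_gpc still exists and is switched on.
// get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Return a request value as the user typed it: undo the backslashes that
// magic quotes added, and do nothing on servers that never added them.
function raw_input_value($source, $key, $quoted = null)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return '';
    }
    if ($quoted === null) {
        $quoted = magic_quotes_active();
    }
    $value = trim($source[$key]);
    return $quoted ? stripslashes($value) : $value;
}

// Escape at output time, for the HTML context only. ENT_QUOTES also encodes
// the apostrophe, which matters inside single-quoted attributes.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: what $_POST looks like with magic quotes on.
$post = array('bulllist' => "butler\\'s ignition #37");

$animal_to_use = raw_input_value($post, 'bulllist', true);
echo "<h1 align='center'>Upload Photos For " . h($animal_to_use) . "</h1>\n";
echo "<input type='text' name='animalid' readonly value='" . h($animal_to_use) . "'>\n";

// The same raw value goes to the database through a bound parameter, not
// through string concatenation (PDO and the table name are assumptions):
//   $stmt = $pdo->prepare('SELECT * FROM animals WHERE animalid = ?');
//   $stmt->execute(array($animal_to_use));
```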

Posted: Tue Apr 24, 2007 3:22 pm
by PastorHank
Thank you very much, that fixed it.