hello all
i have a page that has a form on it and i am selecting data from the database to populate the form.
what is happening is when i have some data that has a single or double quote the data dies at the quote.
like this.
data in the database: can't read past the quote
what is displayed on screen: can
i have tried to do a string replace and escape the quote with \ but no luck. if anyone has any input on this problem that would be great.
thanks
selecting and displaying data
QbertsBrother
John Cartwright
Take a look at the HTML source; your data is probably there, but it is just not displaying correctly because it is terminating the element's quote. Regardless, all output should always be passed through htmlspecialchars() to avoid such problems.
Code:
<input name="foo" type="text" value="I"m screwing up the element because of my quote"> //bad
<input name="foo" type="text" value="<?php echo htmlspecialchars('I"m screwing up the element because of my quote'); ?>"> //good
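How the escaping flags interact with the attribute's quote character, as an added example that is not part of any post in this thread: render_input(), parsed_value() and the sample strings are constructed here, and the script assumes PHP's DOM extension is available. Before PHP 8.1 the default flag for htmlspecialchars() was ENT_COMPAT, which leaves single quotes unescaped, so the flags are passed explicitly.

```php
<?php
// Added example, not code from the thread. render_input(), parsed_value()
// and the sample strings are constructed for illustration.

// Build an <input> with the given attribute quote character and escaping flags.
function render_input(string $value, string $quote, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input name={$quote}foo{$quote} type={$quote}text{$quote} "
         . "value={$quote}{$escaped}{$quote}>";
}

// Parse the markup with the DOM extension (libxml2's HTML parser) and return
// the value attribute it ends up with, approximating what a browser shows.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // broken markup raises parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed samples standing in for rows selected from the database.
$samples = ["can't read past the quote", 'I"m screwing up the element'];

// ENT_NOQUOTES escapes neither quote character, ENT_COMPAT escapes only ",
// ENT_QUOTES escapes both " and '.
$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES,
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES | ENT_SUBSTITUTE,
];

foreach ($samples as $value) {
    foreach (['"', "'"] as $quote) {
        foreach ($modes as $label => $flags) {
            $html = render_input($value, $quote, $flags);
            // The value survived only if the parser hands back the original string.
            $state = parsed_value($html) === $value ? 'intact ' : 'ALTERED';
            printf("%s  quote=%s  %-12s  %s\n", $state, $quote, $label, $html);
        }
    }
}
```

Rows marked ALTERED are the combinations where a quote in the data closed the attribute early; only the ENT_QUOTES rows are safe for both quoting styles.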
QbertsBrother
thanks
the htmlspecialchars worked great.
just one more quick question.
when i have a form and i have php output the form what is the correct way to do it
should i do this
Code:
<input type='text'>
or like this?
Code:
<input type=\"text\">
is it incorrect to use the single quote?
thanks
John Cartwright
QbertsBrother
if i do something like this
Code:
$output = "<input type="text">";
print $output;
there is an error
Code:
$output = "<input type=\"text\">";
print $output;
but that works. or if you change the escaped double quotes with a single quote. but i heard someplace that you should use the double quotes instead of the single quotes.
John Cartwright