Page 1 of 1
selecting and displaying data
Posted: Wed Dec 26, 2007 10:19 am
by QbertsBrother
hello all
i have a page that has a form on it and i am selecting data from the database to populate the form.
what is happening is when i have some data that has a single or double quote the data dies at the quote.
like this.
data in the database: can't read past the quote
what is displayed on screen: can
i have tried to do a string replace and escape the quote with \ but no luck. if anyone has any input on this problem that would be great.
thanks
Posted: Wed Dec 26, 2007 10:23 am
by John Cartwright
Take a look at the html source, you're data is probably there but it is just not displaying correctly because it is terminating the element's quote. Reguardless, all output should always be passed through htmlspecialchars() to avoid such problems.
Code: Select all
<input name="foo" type="text" value="I"m screwing up the element becuase of my quote"> //bad
<input name="foo" type="text" value="<?php echo htmlspecialchars('I"m screwing up the element becuase of my quote'); ?>"> //good
Posted: Wed Dec 26, 2007 10:30 am
by QbertsBrother
thanks
the htmlspecialchars worked great.
just one more quick question.
when i have a form and i have php output the form what is the correct way to do it
should i do this
or like this?
is it incorrect to use the single quote?
thanks
Posted: Wed Dec 26, 2007 10:34 am
by John Cartwright
Either single or double quotes are fine, I believe. Although I'm not sure why you escaped your double quote in that example.
Posted: Wed Dec 26, 2007 10:43 am
by QbertsBrother
if i do something like this
Code: Select all
$output = "<input type="text">";
print $output;
there is an error
Code: Select all
$output = "<input type=\"text\">";
print $output;
but that works. or if you change the escaped double quotes with a single quote. but i heard someplace that you should use the double quotes instead of the single quotes.
Posted: Wed Dec 26, 2007 10:58 am
by John Cartwright
Either way is fine.