
selecting and displaying data

Posted: Wed Dec 26, 2007 10:19 am
by QbertsBrother
hello all

i have a page that has a form on it and i am selecting data from the database to populate the form.

what is happening is when i have some data that has a single or double quote the data dies at the quote.

like this.

data in the database: can't read past the quote

what is displayed on screen: can

i have tried to do a string replace and escape the quote with \ but no luck. if anyone has any input on this problem that would be great.

thanks

Posted: Wed Dec 26, 2007 10:23 am
by John Cartwright
Take a look at the HTML source; your data is probably there but it is just not displaying correctly because it is terminating the element's quote. Regardless, all output should always be passed through htmlspecialchars() to avoid such problems.

Code:

<input name="foo" type="text" value="I"m screwing up the element because of my quote"> //bad
<input name="foo" type="text" value="<?php echo htmlspecialchars('I"m screwing up the element because of my quote'); ?>"> //good

Posted: Wed Dec 26, 2007 10:30 am
by QbertsBrother
thanks

the htmlspecialchars worked great.

just one more quick question.

when i have a form and i have php output the form what is the correct way to do it

should i do this

Code:

<input type='text'>

or like this?

Code:

<input type=\"text\">

is it incorrect to use the single quote?

thanks

Posted: Wed Dec 26, 2007 10:34 am
by John Cartwright
Either single or double quotes are fine, I believe. Although I'm not sure why you escaped your double quote in that example.

Posted: Wed Dec 26, 2007 10:43 am
by QbertsBrother
if i do something like this

Code:

$output = "<input type="text">";

print $output;

there is an error

Code:

$output = "<input type=\"text\">";

print $output;

but that works. or if you change the escaped double quotes with a single quote. but i heard someplace that you should use the double quotes instead of the single quotes.

Posted: Wed Dec 26, 2007 10:58 am
by John Cartwright
Either way is fine.
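
An added example, not code from any poster in this thread, tying the htmlspecialchars() advice to the single-versus-double-quote question: on PHP before 8.1 the default flag is ENT_COMPAT, which leaves single quotes unencoded, so a value placed in a single-quoted attribute is still cut off at the quote unless ENT_QUOTES is passed. The helper names attr() and render_input() are hypothetical; the sample values are the two strings quoted in the posts above.

```php
<?php
// Added example; attr() and render_input() are hypothetical helper names.

/** Encode a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the result is safe whichever
    // quote character delimits the attribute. Passing it explicitly matters
    // on PHP < 8.1, where the default (ENT_COMPAT) leaves ' untouched.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a text input; PHP single quotes avoid the \" escaping in the thread. */
function render_input(string $name, string $value): string
{
    return '<input name="' . attr($name) . '" type="text" value="' . attr($value) . '">';
}

// Sample rows standing in for database values (taken from the posts above).
$rows = [
    "can't read past the quote",
    'I"m screwing up the element because of my quote',
];

foreach ($rows as $row) {
    echo render_input('foo', $row), "\n";
}

// Failure mode: ENT_COMPAT output inside a single-quoted attribute.
// The apostrophe is not encoded, so the browser ends the value early.
$compat = htmlspecialchars($rows[0], ENT_COMPAT, 'UTF-8');
echo "<input name='foo' type='text' value='" . $compat . "'>\n";

// Same markup with ENT_QUOTES: the apostrophe is encoded and the
// whole value stays inside the attribute.
echo "<input name='foo' type='text' value='" . attr($rows[0]) . "'>\n";
```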