passing variables through url get garbled
I am passing variables through a url and even using urlencode I still have problems with the ' character. It wants to convert them to \ or just kill the remainder of the variable after the ' character.
Sometimes you need to use the concatenation like:
Code:
echo "<input name=comment size=55 value='".$variable."'>";
// or if you're passing it through url
echo "<input name=comment size=55 value='".$_GET['variable']."'>";

I appreciate your effort! Sadly, your last suggestions didn't work. The first one echoed the first word as though nothing had changed. It still left off any other text after the ' character. The second suggestion added the \ character back even though stripslashes had been used. No further text was displayed with it either.
Code:
$foo = "test test's test";
echo "<INPUT NAME=comment SIZE=55 VALUE= '".$foo."' >";

This will return "test test" and not show "test test's test" as it should. I've tried value= '$foo' first. Any ideas?
use the htmlspecialchars() function
http://us4.php.net/manual/tr/function.h ... lchars.php
Code:
<?php
echo "<INPUT NAME=comment SIZE=55 VALUE= '" . htmlspecialchars($foo, ENT_QUOTES ) ."' >";
?>

With $foo defined like this it can't be correct. In $foo you have a ' mark so it's obvious that it can't be parsed correctly.
After PHP parsing the server will send html like this:
Code:
<INPUT NAME=comment SIZE=55 VALUE= 'test test's test'>
// so the 'test test' is a value and "s test'" is some other s**t

The $foo should be defined:
Code:
$foo = "test test''s test"; // so the ' is treated literally

But like corlando said, use htmlspecialchars().
- twigletmac
It would be a good idea to have your HTML attributes in double quotes instead of single quotes, so instead of:
Code:
<INPUT NAME=comment SIZE=55 VALUE= 'test test's test'>

you should have
Code:
<INPUT NAME="comment" SIZE="55" VALUE="test test's test">

which gets rid of the immediate problem with single quotes in the value (which can't be escaped in HTML as they can be in PHP).
Then to make sure that double quotes (or other HTML special characters) within the string don't cause a problem, use the htmlspecialchars() function as was advised earlier (using single instead of double quotes around the string in PHP):
Code:
echo '<input name="comment" size="55" value= "'.htmlspecialchars($foo) .'">';

Mac
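
The effect of the escaping flags discussed in this thread, as an added example that is not part of any post: it renders the thread's single-quoted input three ways and parses each result back with DOMDocument to show which ones preserve the value. The helper names render() and read_back() and the second sample string are assumptions made for the illustration.

```php
<?php
// Added example. render() and read_back() are hypothetical helper names.
libxml_use_internal_errors(true); // the broken markup below triggers parser warnings

/** Build the thread's <input> with a single-quoted value attribute. */
function render(string $value, ?int $flags): string
{
    // $flags === null means "no escaping", as in the original echo statement.
    $v = $flags === null ? $value : htmlspecialchars($value, $flags, 'UTF-8');
    return "<input name='comment' size='55' value='" . $v . "'>";
}

/** Parse the markup as an HTML parser would and return the value it sees. */
function read_back(string $html): string
{
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$samples = [
    "test test's test",        // the string from the thread
    'say "hi" & it\'s <ok>',   // constructed: both quote types plus & and <
];

$modes = [
    'raw'        => null,
    'ENT_COMPAT' => ENT_COMPAT,                  // default before PHP 8.1: ' is left alone
    'ENT_QUOTES' => ENT_QUOTES | ENT_SUBSTITUTE, // escapes both ' and "
];

foreach ($samples as $s) {
    foreach ($modes as $label => $flags) {
        $html = render($s, $flags);
        // "ok" only when the parsed attribute equals the original string.
        $state = read_back($html) === $s ? 'ok' : 'LOST';
        printf("%-10s %-5s %s\n", $label, $state, $html);
    }
}
```

Text that ends the attribute early is parsed as further markup on the element, so when the value comes from request data such as $_GET, passing ENT_QUOTES explicitly keeps it confined to the attribute regardless of the PHP version's default flags.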