Hi. I have a form where a user can enter details. The results are written to a mysql database. I have used mysql_real_escape_string to escape quotes.
I have another page containing a form, where the value of this field is read from the database and used as a value for a hidden field.
This works fine unless the user originally entered double quotes in the submit form. In this instance, the hidden field value contains everything up to the quote. For example. assume the database contains the value [COLOR=”Red”]this is a “dodgy” value
[code=php]print ‘<input type=”hidden” name=”sample” value=”$rs[‘value’]” />’;
writes the following to the page.
[code=html]<input type=”hidden” name=”sample” value=”this is a ” />
What is the correct way to avoid this and display the entire string?