/    Sign up×
Community /Pin to ProfileBookmark

double quotes from mysql result are ending input values

Copy linkTweet thisAlerts:
Jul 22.2009

Hi. I have a form where a user can enter details. The results are written to a mysql database. I have used mysql_real_escape_string to escape quotes.

I have another page containing a form, where the value of this field is read from the database and used as a value for a hidden field.

This works fine unless the user originally entered double quotes in the submit form. In this instance, the hidden field value contains everything up to the quote. For example. assume the database contains the value [COLOR=”Red”]this is a “dodgy” value[/COLOR].

[code=php]print ‘<input type=”hidden” name=”sample” value=”$rs[‘value’]” />’;[/code]

writes the following to the page.

[code=html]<input type=”hidden” name=”sample” value=”this is a ” />[/code]

What is the correct way to avoid this and display the entire string?

to post a comment
PHP

1 Comments(s)

Copy linkTweet thisAlerts:
@MindzaiJul 22.2009 — use htmlentities() on the data.
×

Success!

Help @Typhoon101 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.19,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...