On Monday 07 January 2002 01:59, Richard S. Crawford wrote:
> I've used a combination of addslashes() and stripslashes() along with
> htmlspecialchars() to perform just that sort of thing, though I used MySQL
> instead of PostreSQL.

I've got it sorted so that when the user enters the HTML data in the form, it 
is retrieved and stripslashes() is used so that I can just use print() to 
display it.

The only problem comes when I want to send this data back again (so that the 
user can edit it after they view it). Everything's fine unless the user has a 
quote (") in the text because it messes up the HTML tag.

For example, consider the string $body = "I am saying \"Hello\"";

<input type="hidden" name="body" value="<?=$body>">
is interpreted by the browser as
<input type="hidden" name="body" value="I am saying "Hello"">
And so we have a problem.

What can I do about that?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to