Look into stripslashes():

and htmlspecialchars():

Steven J. Walker
Walker Effects

On Wednesday, February 27, 2002, at 11:08  AM, James Taylor wrote:

> I'm having this one issue that's really bugging me - I have a textarea 
> where
> you can type in something - After typing it in, it goes to another page
> asking you to verify, if it's correct, it inserts it into a database.
> The page that asks you to verify holds the value of the textbox in a 
> hidden
> form field.  If the value the user entered in contains any single (') or
> double (") quotes, it will mess everything up.  Single quotes end up 
> having a
> backslash thrown automatically in front of it, and it inserts it into 
> the
> database WITH THE backslash.  If there are double quotes, the HTML will 
> get
> messed up due to the fact that when it sees the quote, it will cut off 
> the
> rest of the value because if:
> value="this is an example: "Hello how are you"." >
> everything after example: is going to get cut off.
> I tried putting the value in a query string, but when traveling across 
> two
> pages, it seems to do the exact same thing.
> Any suggestions?
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to