Hi there :) Use the addslashes() function prior to insertion to database, and stripslashes() on retrieval from db before you display it.
//prior to db insertion $myvar = addslashes($myvar); //on retrieval $myvar = stripslashes($myvar); Since you are wanting to display it to the user before inserting to the databse, you'll have to add, then strip before displaying, and then use the addslashes() again prior to inserting. When retrieving this data at a later point you'll have to use stripslashes() again. Hope this helps, Joe :) "James Taylor" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm having this one issue that's really bugging me - I have a textarea where > you can type in something - After typing it in, it goes to another page > asking you to verify, if it's correct, it inserts it into a database. > > The page that asks you to verify holds the value of the textbox in a hidden > form field. If the value the user entered in contains any single (') or > double (") quotes, it will mess everything up. Single quotes end up having a > backslash thrown automatically in front of it, and it inserts it into the > database WITH THE backslash. If there are double quotes, the HTML will get > messed up due to the fact that when it sees the quote, it will cut off the > rest of the value because if: > > value="this is an example: "Hello how are you"." > > > everything after example: is going to get cut off. > > I tried putting the value in a query string, but when traveling across two > pages, it seems to do the exact same thing. > > Any suggestions? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php