> I use the following php code to build a dynamic table retrieving values
> a MySQL databases that have been inserted with slashes added -
> echo "<td width='100'><input name='descr' type='text' size='45'
> maxlength='20' readonly value='".StripSlashes(mysql_result($badgedetails,
> $i, 'descr'))."' tabindex='1'/></td>";
> The problem is, if the value to be displayed is for example O'Neill, then
> the output will look something like -
> <td width='100'><input name='descr' type='text' size='45' maxlength='20'
> readonly value='O'Neill' tabindex='1'/></td>
> Quite correctly, when this page is rendered, all that will be displayed is
> as the apostrophe after the O will be treated as a closing parenthesis. I
> understand AddSlashes and StripSlashes but how can I utilise them to
> this issue.
HTML doesn't understand that a slash means to escape a character. What you
need to do is use htmlentities() or htmlspecialchars() on the data before
you place it between your quotes.
echo "<td width='100'><input name='descr' type='text' size='45'
maxlength='20' readonly value='".htmlentities(mysql_result($badgedetails,
$i, 'descr'))."' tabindex='1'/></td>";
Note: You should not have to be doing stripslashes() on data coming from
your database unless magic_quotes_runtime is ON. If your data is coming out
with slashes in it, or you can SEE the slashes in the actual data in the
database, then you are calling addslashes() twice on your data somehow.
I also kind of question why you have mysql_result in there. It's faster to
use the mysql_fetch_* functions...
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php