Hi,

I am running into a problem that I'm certain I've had before but for some reason don't remember how to handle. If anyone can advise me on what to do here, that would be great.

I have a PHP script that accepts some user input and validates it, and if the validation fails, it re-displays the form. In the form, the text fields' "value" attributes are set to the user's input so that the user doesn't have to fill everything out again. The whole system works great, and I'm sure you've all seen it a hundred times before.

The problem happens when a user enters a single quote, such as in the string "O'Reilly". Re-displaying this value in the "value" attribute of the form, like this:

<input type='text' name='publisher' value='O'Reilly' />

is clearly invalid HTML, and it shows when the page is rendered in the user's browser (only the "O" gets through).

If I turn on magic_quotes_gpc or use addslashes, the output is like so:

<input type='text' name='publisher' value='O\'Reilly' />

And of course, when rendered, simply allows the "O\" to get through.

I can solve this problem by using double-quotes instead of single-quotes for my attributes, and that is probably what I'm going to have to do. However, this means I can't let users enter double quotes, or the same thing will happen. In other fields, double-quotes might be necessary. Is there any other solution?

Thanks,

Erik

PS: I am using htmlentities() on the output before displaying it in the browser, but it doesn't apply to single quotes. I suppose I could str_replace it, but I'm wondering how other people handle this situation...

--
Erik Price

email: [EMAIL PROTECTED]
jabber: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
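The situation Erik describes, as an added example that is not his code or from the list: htmlentities() and htmlspecialchars() only encode the single quote when passed the ENT_QUOTES flag, and the helper name attr() is an assumption for this example. Encoding both quote kinds means the attribute cannot be ended early by a user-supplied quote, whichever quote style wraps it.

```php
<?php
// Added example (not Erik's code). Escape a value for use inside an HTML
// attribute regardless of the quote style that wraps it. ENT_QUOTES encodes
// both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8 bytes instead of
// returning an empty string (which would silently blank the whole field),
// and the charset is stated explicitly rather than left to the default.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the O'Reilly case from the post and a value
// containing double quotes (the case that breaks double-quoted attributes).
$samples = [
    "O'Reilly",
    'The "Big" Book of PHP',
];

foreach ($samples as $publisher) {
    // ENT_COMPAT is the pre-8.1 default: only " is encoded, so the single
    // quote passes through and closes the attribute after the "O".
    $unsafe = "<input type='text' name='publisher' value='"
            . htmlentities($publisher, ENT_COMPAT, 'UTF-8') . "' />";

    // ENT_QUOTES: ' becomes &#039; and " becomes &quot;. The browser decodes
    // the entities back into the field value, so the user sees exactly what
    // they typed, and no quoting style needs to be forbidden on input.
    $safe = "<input type='text' name='publisher' value='"
          . attr($publisher) . "' />";

    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n\n";
}
```

The same attr() helper works unchanged if the attributes are later switched to double quotes, since both quote characters are encoded.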