[PHP] escaping quotes in forms and redisplaying variables in form fields
I'm stumbling over how to allow people to put single or double quotes in a form text field. I am passing the form to itself ($PHP_SELF) and on the second time through previewing what the form data will look like and also re-creating the form with the data already filled in. Here's an example of one text field: $display_line .=input type='text' name='signature' value='$noslash_signature' size='35' maxlength='100'; (I have stripslashes() the $signature variable to create $noslash_signature.) If someone signs their name O'Brien, the preview shows O'Brien, but all that shows in the form field is O. However, Joe Bruiser Jones displays correctly in preview and the form. If I change the code like this (adding the \ around the variable): $display_line .=input type='text' name='signature' value=\$noslash_signature\ size='35' maxlength='100'; O'Brien will display OK, but Joe Bruiser Jones shows just Joe in the form field. One solution is to change the text form to textarea, but I'd prefer to be able to redisplay at text form field if possible. TIA, John Hughes __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] escaping quotes in forms and redisplaying variables in form fields
See: http://www.php.net/manual/en/function.htmlspecialchars.php John Hughes wrote: I'm stumbling over how to allow people to put single or double quotes in a form text field. I am passing the form to itself ($PHP_SELF) and on the second time through previewing what the form data will look like and also re-creating the form with the data already filled in. Here's an example of one text field: $display_line .=input type='text' name='signature' value='$noslash_signature' size='35' maxlength='100'; (I have stripslashes() the $signature variable to create $noslash_signature.) If someone signs their name O'Brien, the preview shows O'Brien, but all that shows in the form field is O. However, Joe Bruiser Jones displays correctly in preview and the form. If I change the code like this (adding the \ around the variable): $display_line .=input type='text' name='signature' value=\$noslash_signature\ size='35' maxlength='100'; O'Brien will display OK, but Joe Bruiser Jones shows just Joe in the form field. One solution is to change the text form to textarea, but I'd prefer to be able to redisplay at text form field if possible. -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] escaping quotes in forms and redisplaying variables in form fields
Yeah, you have to convert the single and double quotes to html entities so they are not mistaken for the end of the string. If you look at your source code, you'll see why it's happening. value = 'O'Bryan' value = Joe Bruiser Smith You can see how the 'O' is taken as the string, and the rest is ignored. Same for the double quotes. ---John Holmes... - Original Message - From: Robert Cummings [EMAIL PROTECTED] To: John Hughes [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, May 06, 2002 5:06 PM Subject: Re: [PHP] escaping quotes in forms and redisplaying variables in form fields See: http://www.php.net/manual/en/function.htmlspecialchars.php John Hughes wrote: I'm stumbling over how to allow people to put single or double quotes in a form text field. I am passing the form to itself ($PHP_SELF) and on the second time through previewing what the form data will look like and also re-creating the form with the data already filled in. Here's an example of one text field: $display_line .=input type='text' name='signature' value='$noslash_signature' size='35' maxlength='100'; (I have stripslashes() the $signature variable to create $noslash_signature.) If someone signs their name O'Brien, the preview shows O'Brien, but all that shows in the form field is O. However, Joe Bruiser Jones displays correctly in preview and the form. If I change the code like this (adding the \ around the variable): $display_line .=input type='text' name='signature' value=\$noslash_signature\ size='35' maxlength='100'; O'Brien will display OK, but Joe Bruiser Jones shows just Joe in the form field. One solution is to change the text form to textarea, but I'd prefer to be able to redisplay at text form field if possible. -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php