Michael B Allen wrote: > I am using htmlentities($text, ENT_COMPAT, 'UTF-8'); to escape text > from the db to be displayed in form fields. This works fine but when > the text is saved in the database the entities are saved with it. > > For example, if the text in the db is 'Mike & Ike', the form field > looks like: > > <input type='text' name='foo' value='Mike & Ike'/> > > This is displayed correctly but when I submit this to the server it > is saved to the database as 'Mike & Ike'.
This is only true if you escape it again. Since there is no abomination like magic_quotes_gpc for HTML escaping, it means you're doing this double escaping yourself, so the problem should be easy to track down. Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
