On Sun, 27 May 2007 18:14:15 -0400
Chris Shiflett <[EMAIL PROTECTED]> wrote:

> Michael B Allen wrote:
> > I am using htmlentities($text, ENT_COMPAT, 'UTF-8'); to escape text
> > from the db to be displayed in form fields. This works fine but when
> > the text is saved in the database the entities are saved with it.
> > 
> > For example, if the text in the db is 'Mike & Ike', the form field
> > looks like:
> > 
> > <input type='text' name='foo' value='Mike &amp; Ike'/>
> > 
> > This is displayed correctly but when I submit this to the server it
> > is saved to the database as 'Mike &amp; Ike'.
> 
> This is only true if you escape it again.
> 
> Since there is no abomination like magic_quotes_gpc for HTML escaping,
> it means you're doing this double escaping yourself, so the problem
> should be easy to track down.
> 
> Hope that helps.

Indeed. I was escaping again in my form field formatting code.

Thanks,
Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
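
The double escaping diagnosed in this thread, as an added example that is not code from either poster: render_input(), field_value() and browser_submits() are hypothetical names, and browser_submits() is only a stand-in for the browser decoding the attribute once before it submits the form. ENT_QUOTES is used because the attribute is single-quoted and ENT_COMPAT leaves ' unescaped.

```php
<?php
// Added example. All helper names are hypothetical; the sample value is the
// one quoted in the thread.

// Escape exactly once, at the point where raw text enters HTML.
function field_value(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// Form-field helper. Contract: it receives RAW text and does its own escaping.
function render_input(string $name, string $raw): string
{
    return sprintf(
        "<input type='text' name='%s' value='%s'/>",
        field_value($name),
        field_value($raw)
    );
}

// Stand-in for the browser: decode the attribute value once, then submit it.
function browser_submits(string $html): string
{
    if (!preg_match("/value='([^']*)'/", $html, $m)) {
        throw new RuntimeException('no value attribute found');
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$fromDb = 'Mike & Ike';

// Correct: raw text goes in, the helper escapes it once.
$once = render_input('foo', $fromDb);

// The bug: the caller escapes first, then the helper escapes again.
$twice = render_input('foo', htmlentities($fromDb, ENT_COMPAT, 'UTF-8'));

foreach (['escaped once' => $once, 'escaped twice' => $twice] as $label => $html) {
    $submitted = browser_submits($html);
    printf("%s\n  markup:    %s\n  submitted: %s\n  round-trips unchanged: %s\n",
        $label, $html, $submitted, var_export($submitted === $fromDb, true));
}

// Quotes survive the round trip too, because ENT_QUOTES encodes ' and ".
$quoted = "O'Neil \"Mike\" & Ike";
var_dump(browser_submits(render_input('foo', $quoted)) === $quoted);
```

Keeping the stored value raw and escaping only in the output helper means no decode step is ever needed on the save path.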
