|
|
Posted by Michael Fesser on 08/09/07 23:32
..oO(Paul Furman)
>mysql_real_escape_string() is apparently chopping off anything that
>follows a quote when I grab the data & put it in a form for editing.
It doesn't chop off anything, it's a bug in your output code.
>and this is where it's chopping off text after the quote:
>
><form action=.......
><input type='text' size='57' name='latin_name' value="<?=$latin_name?>">
Two things:
* Don't rely on short open tags, use <?php echo ...?> instead.
* Have a look at the generated HTML source code - it's all there, just
improperly escaped. When printing anything to an HTML page, use
htmlspecialchars() to escape those characters that have a special
meaning in HTML (", &, <, >). If necessary use the ENT_QUOTES flag. See
the manual for details.
http://www.php.net/htmlspecialchars
Micha
Navigation:
[Reply to this message]
|