|
|
Posted by C. (http://symcbean.blogspot.com/) on 01/23/08 12:20
On 23 Jan, 12:02, The Natural Philosopher <a...@b.c> wrote:
> Rik Wasmus wrote:
> > On Wed, 23 Jan 2008 12:42:07 +0100, jodleren <sonn...@hot.ee> wrote:
>
> >> Hi!
>
> >> I just realised a problem in a system I am doing.
> >> I pass data on in a hidden and a text input, of course with
> >> value="whatever"
> >> The problem happens with
> >> value="whatever is there are " one more?"
>
> >> How have people solved this?
>
> > htmlspecialchars($string, ENT_QUOTES);
>
> Yes. Any strings embedded in forms and form variables that need to use
> and display quotes and the like, need expressing in 'proper' HTML.
>
> I am not quite sure how it happens, but these seem in my case to get
> magically removed when stuffing into the MySQL database.
>
> I've probably got some magic set up by default ;-)
Note to OP: PHP historically tried to fix this with a
'magic_quotes_gpc' setting - which didn't work - so more settings got
added, until everybody agreed the PHP should do its job and the
programmer should do hers. The settings are still there in 5.2 but
should all be switched OFF. If you're really interested have a google
for the long sad story.
Note 2: in HTML and Javascript, you can put double quotes inside
single quotes (where they will be ignored) and vice-versa, but (AFAIK)
you can't *escape* quotes - hence using htmlentities.
HTH
C.
Navigation:
[Reply to this message]
|