Posted by Hilarion on 11/15/05 18:09
> I created a form with some input fields and textareas corresponding to the
> fields in a table.
>
> If an ID is given, the data belonging to the record with this ID is fetched
> and placed into the value attributes of the input fields. So far regular
> database interaction.
>
> In one of the textareas the user should fill in some HTML. The problem
> comes when the user fills in '&gt;'. The data is sent to the server through a
> POST method and saved in the database. When the data is fetched for the
> second time the data is put in the generated HTML of the form, which tells
> the browser to translate the entity. We do not see &gt; anymore, but in the
> input field the character '>' appears. When the form is saved again
> this character is saved and the data which was entered in the first place
> (&gt;) is gone.
>
> When I type in >hallo< I like to see the exact characters when I visit
> the form again and not <hallo>
>
> Anyone have ideas how to do this?

You should use the "htmlspecialchars" function (Oli Fith gave you a link to
the description of this function) on the data you get from the DB before you
put it in the generated HTML.

To be precise, you should use it not only on data from the DB but on all
data which is placed in generated HTML and should not be interpreted
as HTML (which includes data from $_POST, $_GET etc.) and all data
you want to pass unchanged as form field values, e.g.:
<form ...>
<input type="text" name="some_field"
value="<?php echo @htmlspecialchars( $_REQUEST['some_field'] ); ?>" />
<textarea name="big_field"><?php
echo @htmlspecialchars( $_REQUEST['big_field'] );
?></textarea>
</form>
Hilarion
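
Added example, not part of Hilarion's post: a small PHP script that simulates the save/reload round trip described in the question, with and without htmlspecialchars. The helper names render_field() and browser_reads_back() and the sample values are constructed for illustration; html_entity_decode() stands in for the browser decoding the textarea content once.

```php
<?php
// Added illustration; helper names and sample values are hypothetical.

// Build the textarea markup, with or without output encoding.
function render_field(string $stored, bool $escape): string
{
    $body = $escape
        ? htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
        : $stored;
    return '<textarea name="big_field">' . $body . '</textarea>';
}

// Approximate what the browser would submit on the next save:
// the field ends at the first </textarea>, and character
// references inside it are decoded exactly once.
function browser_reads_back(string $markup): string
{
    preg_match('~<textarea[^>]*>(.*?)</textarea>~s', $markup, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample values as they would sit in the database.
$samples = [
    '&gt;hallo&lt;',      // the entity text from the question
    'a </textarea> b',    // markup that would close the field early
];

foreach ($samples as $stored) {
    foreach ([false, true] as $escape) {
        $back = browser_reads_back(render_field($stored, $escape));
        printf(
            "%-8s stored=%-18s read back=%-18s %s\n",
            $escape ? 'escaped' : 'raw',
            var_export($stored, true),
            var_export($back, true),
            $back === $stored ? 'preserved' : 'CHANGED'
        );
    }
}
```

Passing ENT_QUOTES and the charset explicitly also covers values placed in single-quoted attributes, which the default flags of older PHP versions do not encode.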