Posted by David Grant on 11/18/05 12:34
Hi Adrian,
This appears to be a security hole, but since that wasn't the reason for
the question, please try:
echo "<input type='text' value='" . htmlentities($clause, ENT_QUOTES) . "'>";
php.net/htmlentities
Cheers,
David Grant
Adrian Bruce wrote:
> Hi
>
> I am trying to dynamically create a query based on form input for an
> intranet. I have a text input that allows a user to input part of a
> where clause such as - not like '04%' - . This bit works fine, but I
> would like to display the clause back in the form field when the page
> reloads.
> $clause = "not like '04%'";
> echo"<input type='text' value='$clause'>";
>
> Now obviously I hit a problem with the use of 'the quotation marks ' '
> and just see - not like \ - in the form field. I need to keep the '
> marks around the 04% for the query. Any ideas how I can do this??
>
> Any help much appreciated!
>
> Adrian
>
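
Added example, not part of either message above: it redisplays the clause with the htmlentities() call from the reply, and, assuming the security hole the reply alludes to is the raw clause being concatenated into the SQL string, accepts only an allow-listed operator and binds the pattern as a parameter. The table name, column name, form field name and the helper functions are hypothetical.

```php
<?php
// Added example. Table, column, field name and helpers are hypothetical.

// Operators the user may choose, mapped to the SQL actually emitted.
const ALLOWED_OPS = [
    'like'     => 'LIKE',
    'not like' => 'NOT LIKE',
    '='        => '=',
    '!='       => '<>',
];

// Split input such as  not like '04%'  into an allow-listed operator and
// a value. Returns [sqlOperator, value], or null if the input does not match.
function parse_clause(string $clause): ?array
{
    if (!preg_match("/^\s*(not like|like|!=|=)\s*'([^']*)'\s*$/i", $clause, $m)) {
        return null;
    }
    return [ALLOWED_OPS[strtolower($m[1])], $m[2]];
}

// Build the input tag. ENT_QUOTES also converts ' to an entity, so the
// clause cannot close the single-quoted value attribute.
function clause_field(string $clause): string
{
    return "<input type='text' name='clause' value='"
         . htmlentities($clause, ENT_QUOTES, 'UTF-8') . "'>";
}

// Constructed sample default, used when the form has not been submitted.
$clause = $_POST['clause'] ?? "not like '04%'";

echo clause_field($clause), "\n";

$parsed = parse_clause($clause);
if ($parsed === null) {
    echo "Clause rejected\n";
} else {
    [$op, $value] = $parsed;
    // Only the allow-listed operator is concatenated; the value is bound.
    $sql = "SELECT * FROM orders WHERE order_code $op ?";
    echo htmlentities($sql, ENT_QUOTES, 'UTF-8'), "\n";
    // With an existing PDO connection $pdo (not created here):
    //   $stmt = $pdo->prepare($sql);
    //   $stmt->execute([$value]);
}
```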