|
|
Posted by Adrian Bruce on 11/18/05 12:53
I'm aware it would be a security hole if it were available to all users,
but it's just for me at the mo, other users get a watered down version
with just check boxes. I basically want to allow flexible filtering of
a set of data but obviously this poses a few challenges, any ideas
always weclome!
Thanks for the tip by the way, i ended up doing the following
$field = stripslashes(htmlentities($field,ENT_QUOTES));
Adrian
David Grant wrote:
>Hi Adrian,
>
>This appears to be a security hole, but since that wasn't the reason for
>the question, please try:
>
>echo"<input type='text' value='" . htmlentities($clause, ENT_QUOTES) . "'>";
>
>php.net/htmlentities
>
>Cheers,
>
>David Grant
>
>Adrian Bruce wrote:
>
>
>>Hi
>>
>>I am trying Dynamically creating a Query based on form input for an
>>intranet, i have a text input that allows a user to input part of a
>>where clause such as - not like '04%' - . this bit works fine but i
>>would like to display the clause back in the form field when the page
>>reloads.
>>$clause = "not like '04%'";
>>echo"<input type='text' value='$clause'>";
>>
>>Now obviously i hit a problem with the use of 'the quotation marks ' '
>>and just see - not like \ - in the form field. I need to keep the '
>>marks around the 04% for the query. Any ideas how i can do this??
>>
>>Any help much appreciated!
>>
>>Adrian
>>
>>
>>
>
>
>
Navigation:
[Reply to this message]
|