Reply to Re: mysql_real_escape_string() chopping off after quotes — PHP Programming Language

Posted by Michael Fesser on 08/09/07 23:32

..oO(Paul Furman)

>mysql_real_escape_string() is apparently chopping off anything that
>follows a quote when I grab the data & put it in a form for editing.

It doesn't chop off anything, it's a bug in your output code.

>and this is where it's chopping off text after the quote:
>
><form action=.......
><input type='text' size='57' name='latin_name' value="<?=$latin_name?>">

Two things:

* Don't rely on short open tags, use <?php echo ...?> instead.

* Have a look at the generated HTML source code - it's all there, just
improperly escaped. When printing anything to an HTML page, use
htmlspecialchars() to escape those characters that have a special
meaning in HTML (", &, <, >). If necessary use the ENT_QUOTES flag. See
the manual for details.

http://www.php.net/htmlspecialchars

Micha

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация