Posted by The Natural Philosopher on 01/23/08 12:02

Rik Wasmus wrote:
> On Wed, 23 Jan 2008 12:42:07 +0100, jodleren <sonnich@hot.ee> wrote:
>
>> Hi!
>>
>> I just realised a problem in a system I am doing.
>> I pass data on in a hidden and a text input, of course with
>> value="whatever"
>> The problem happens with
>> value="whatever is there are " one more?"
>>
>> How have people solved this?
>
> htmlspecialchars($string, ENT_QUOTES);

Yes. Any strings embedded in forms and form variables that need to use
and display quotes and the like, need expressing in 'proper' HTML.

I am not quite sure how it happens, but these seem in my case to get
magically removed when stuffing into the MySQL database.


I've probably got some magic set up by default ;-)

[Back to original message]