Posted by Rik Wasmus on 01/23/08 12:15

On Wed, 23 Jan 2008 13:02:45 +0100, The Natural Philosopher <a@b.c> wrot=
e:

> Rik Wasmus wrote:
>> On Wed, 23 Jan 2008 12:42:07 +0100, jodleren <sonnich@hot.ee> wrote:
>>
>>> Hi!
>>>
>>> I just realised a problem in a system I am doing.
>>> I pass data on in a hidden and a text input, of course with
>>> value=3D"whatever"
>>> The problem happens with
>>> value=3D"whatever is there are " one more?"
>>>
>>> How have people solved this?
>> htmlspecialchars($string, ENT_QUOTES);
>
> Yes. Any strings embedded in forms and form variables that need to use=
=

> and display quotes and the like, need expressing in 'proper' HTML.
>
> I am not quite sure how it happens, but these seem in my case to get =

> magically removed when stuffing into the MySQL database.
>
>
> I've probably got some magic set up by default ;-)

Nope, just look at the raw POST or GET request. The magic is in the =

browser/UA (which is the agent who can actually do something with/use ht=
ml =

entitities).

-- =

Rik Wasmus

[Back to original message]