Posted by The Natural Philosopher on 01/23/08 15:25

C. (http://symcbean.blogspot.com/) wrote:
> On 23 Jan, 12:02, The Natural Philosopher <a...@b.c> wrote:
>> Rik Wasmus wrote:
>>> On Wed, 23 Jan 2008 12:42:07 +0100, jodleren <sonn...@hot.ee> wrote:
>>>> Hi!
>>>> I just realised a problem in a system I am doing.
>>>> I pass data on in a hidden and a text input, of course with
>>>> value="whatever"
>>>> The problem happens with
>>>> value="whatever is there are " one more?"
>>>> How have people solved this?
>>> htmlspecialchars($string, ENT_QUOTES);
>> Yes. Any strings embedded in forms and form variables that need to use
>> and display quotes and the like, need expressing in 'proper' HTML.
>>
>> I am not quite sure how it happens, but these seem in my case to get
>> magically removed when stuffing into the MySQL database.
>>
>> I've probably got some magic set up by default ;-)
>
> Note to OP: PHP historically tried to fix this with a
> 'magic_quotes_gpc' setting - which didn't work - so more settings got
> added, until everybody agreed the PHP should do its job and the
> programmer should do hers. The settings are still there in 5.2 but
> should all be switched OFF. If you're really interested have a google
> for the long sad story.
>

I ought to check..
> Note 2: in HTML and Javascript, you can put double quotes inside
> single quotes (where they will be ignored) and vice-versa, but (AFAIK)
> you can't *escape* quotes - hence using htmlentities.
>

Found out the hard way here..;-)

The other gotcha was trying to print % signs in a printf
statement..finally remembered its '%%' in that syntax....

God I am so rusty...

> HTH
>
> C.

[Back to original message]