single quotes in database field breaks form?

Hi folks - I have a form that displays a value pulled from a database
field.

<?php echo "<input type=text name='storename' value='$storename'>"; ?>

I noticed that if $storename contains something like "Ma's Bakery", all
that shows up in the field is "Ma". Do I really have to go through all my
form fields and change them to
<?php echo "<input type=text name='storename' value='".$storename."'>"; ?>

Although I guess
<?php echo "<input type=text name='storename' value=\"$storename\">"; ?>
would work, too.

Oh well.
Jul 17 '05 #1
Greg Bryant wrote:
Hi folks - I have a form that displays a value pulled from a database
field.

<?php echo "<input type=text name='storename' value='$storename'>"; ?>

I noticed that if $storename contains something like "Ma's Bakery", all
that shows up in the field is "Ma". Do I really have to go through all my
form fields and change them to
<?php echo "<input type=text name='storename' value='".$storename."'>"; ?>


What happened when you tried that? :)

try:

<?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">'; ?>

Reference at
http://www.php.net/htmlentities
Happy Coding :-)
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--
Jul 17 '05 #2
Greg Bryant <br**********@yahoo.com> writes:
Hi folks - I have a form that displays a value pulled from a database
field.

<?php echo "<input type=text name='storename' value='$storename'>"; ?>

I noticed that if $storename contains something like "Ma's Bakery", all
that shows up in the field is "Ma". Do I really have to go through all my
form fields and change them to
<?php echo "<input type=text name='storename' value='".$storename."'>"; ?>

Although I guess
<?php echo "<input type=text name='storename' value=\"$storename\">"; ?>
would work, too.


It's wise to call htmlentities() when displaying content that could
contain special characters.

http://www.php.net/manual/function.htmlentities.php

Have a look at the optional quote_style parameter.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
Jul 17 '05 #3
Pedro Graca <he****@hotpop.com> wrote in
news:br************@ID-203069.news.uni-berlin.de:
Greg Bryant wrote:
Hi folks - I have a form that displays a value pulled from a database
field.

<?php echo "<input type=text name='storename' value='$storename'>"; ?>

I noticed that if $storename contains something like "Ma's Bakery",
all that shows up in the field is "Ma". Do I really have to go
through all my form fields and change them to
<?php echo "<input type=text name='storename'
value='".$storename."'>"; ?>


What happened when you tried that? :)

try:

<?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">';
?>

Reference at
http://www.php.net/htmlentities
Happy Coding :-)


Thanks. Fortunately, I guess, I tried the second one first (escape
double quotes around the value). Looking at it again, obviously the
first one will have the same problem as the original :). Nice to know
there's a real solution - htmlentities. Thanks!

Jul 17 '05 #4
"Greg Bryant" <br**********@yahoo.com> wrote in message
news:Xn*********************************@199.45.49 .11...
Pedro Graca <he****@hotpop.com> wrote in
news:br************@ID-203069.news.uni-berlin.de:
Greg Bryant wrote:
Hi folks - I have a form that displays a value pulled from a database
field.

<?php echo "<input type=text name='storename' value='$storename'>"; ?>

I noticed that if $storename contains something like "Ma's Bakery",
all that shows up in the field is "Ma". Do I really have to go
through all my form fields and change them to
<?php echo "<input type=text name='storename'
value='".$storename."'>"; ?>


What happened when you tried that? :)

try:

<?php echo '... value="', htmlentities($storename, ENT_QUOTES), '">';
?>

Reference at
http://www.php.net/htmlentities
Happy Coding :-)


Thanks. Fortunately, I guess, I tried the second one first (escape
double quotes around the value). Looking at it again, obviously the
first one will have the same problem as the original :). Nice to know
there's a real solution - htmlentities. Thanks!


With your "solution" you just switch problems - an entry as "She said:
"Let's go!", and went." will be cropped to "She said: ". You either have to
use htmlentities() or addslashes() with your content.

--
Markus
Jul 17 '05 #5
You're right, you're right. There's obviously a reason htmlentities is a
core function :).

Thanks for keeping me from getting lazy.

-Greg

"Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in
news:3f***********************@news.easynet.ch:
Thanks. Fortunately, I guess, I tried the second one first (escape
double quotes around the value). Looking at it again, obviously the
first one will have the same problem as the original :). Nice to
know there's a real solution - htmlentities. Thanks!


With your "solution" you just switch problems - an entry as "She said:
"Let's go!", and went." will be cropped to "She said: ". You either
have to use htmlentities() or addslashes() with your content.


Jul 17 '05 #6
I find that using addslashes() usually does the trick, however if the
data you're entering is variable and the end user has specified it, it
would be better to htmlentities() or htmlspecialchars() and then
addslashes() for security.
Jul 17 '05 #7
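
Added example, not part of any post in this thread: it renders the two strings quoted above with each approach the thread mentions, then parses the markup back to show which value the form field actually ends up holding. The helper name `parsed_value()` is hypothetical, and the script assumes PHP 7.4+ with the DOM extension.

```php
<?php
// Added example; parsed_value() and the $renderers table are illustrative names.

// Parse the markup roughly as a browser would and return the resulting
// value attribute of the first <input>.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$renderers = [
    // The original form field: a ' in the data ends the attribute early.
    'raw, single-quoted' => fn(string $v) => "<input type=text name='storename' value='$v'>",
    // Switching delimiters only moves the problem to " in the data.
    'raw, double-quoted' => fn(string $v) => "<input type=text name='storename' value=\"$v\">",
    // Backslash is not an escape character in HTML, so the quote still
    // terminates the attribute and the backslash shows up as data.
    'addslashes()'       => fn(string $v) => '<input type="text" name="storename" value="'
        . addslashes($v) . '">',
    // ENT_QUOTES encodes both ' and " as entities, which the HTML parser
    // decodes back to the original characters inside the attribute.
    'htmlentities()'     => fn(string $v) => '<input type="text" name="storename" value="'
        . htmlentities($v, ENT_QUOTES, 'UTF-8') . '">',
];

// Both sample values are the ones quoted in the thread.
$samples = ["Ma's Bakery", 'She said: "Let\'s go!", and went.'];

foreach ($samples as $value) {
    echo "stored: $value\n";
    foreach ($renderers as $label => $render) {
        $seen = parsed_value($render($value));
        printf("  %-20s %-9s %s\n", $label, $seen === $value ? 'intact' : 'MANGLED', $seen);
    }
}
```

addslashes() escapes for string literals in other languages, not for HTML, so it is not a substitute for entity encoding at the point of output.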
