
How to prevent HTML code such as &lt; being rewritten as <

Folks,

I'm struggling to put the question together, but I have this problem.
I have written an HTML form that I can use for data entry. This uses
PHP to write a SQL UPDATE command that gets written to my MySQL
database. I can later view this data back in the form.

One thing I've noticed happening is if I enter code such as &lt; it
gets rewritten as < (ie the less-than sign). Now I don't want this to
happen, but something somewhere is converting this. This is annoying
because it messes up my HTML code.

The HTML form calls itself (ie $_SERVER['PHP_SELF']), and then builds
the UPDATE command. It pushes this out to the database using
mysql_query("UPDATE ..."). Is this something that is done by
mysql_query(), because it is clearly being stored on the database as
this.

Is this a feature of mysql_query(), or is there some other way to turn
this off?

Any help will be appreciated.
Feb 7 '08 #1
3 Replies


..oO(webmasterATflymagnetic.com)

>Many thanks for this. After I posted I realised I could echo the
>output that comes back into the script. And it clearly has already
>been modified as soon as it comes back in. So the &lt; rewrite is
>happening between the $_SERVER[$PHP_SELF] submission on the form, and
>the next time the PHP file is sent back to the browser.

What does a

print "<pre>\n";
var_dump($_POST);
print "</pre>\n";

show after the form submission? The "&lt;" should still be there.

Then how do you show the submitted data again after the submission? Do
you use htmlspecialchars() before the output? Without that the browser
would get the "&lt;" and interpret it, so you would get a literal "<".
With htmlspecialchars() instead the result in the HTML source would be
"&amp;lt;", which would then be interpreted to the intended "&lt;".

Micha
Feb 7 '08 #2
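
The round trip described in the reply above, as an added example that is not part of the original thread. The sample values are constructed, `h()` is a hypothetical helper name, and `browser_decodes()` is an assumed, simplified stand-in for the single entity-decoding pass a browser applies to a form field's content.

```php
<?php
// Added illustration, not code from the thread.
// Constructed sample values standing in for what the form stored.
$samples = [
    'Return-Path: &lt;user@example.com&gt;',
    '&amp;copy; 2008',
];

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Simplified model (an assumption of this example) of the one decoding
// pass a browser applies to textarea content and attribute values.
function browser_decodes(string $htmlSource): string
{
    return html_entity_decode($htmlSource, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

foreach ($samples as $stored) {
    // Echoed back into the form without encoding: the browser strips one
    // level of entities, and the altered text is what gets resubmitted.
    $rawInField = browser_decodes($stored);

    // Encoded on output: the HTML source carries one extra level, so the
    // browser's decoding pass restores exactly what was stored.
    $safeSource  = h($stored);
    $safeInField = browser_decodes($safeSource);

    printf("stored in database : %s\n", $stored);
    printf("raw echo, in field : %s\n", $rawInField);
    printf("encoded HTML source: %s\n", $safeSource);
    printf("encoded, in field  : %s\n", $safeInField);
    printf("raw round trip ok  : %s\n", var_export($rawInField === $stored, true));
    printf("safe round trip ok : %s\n\n", var_export($safeInField === $stored, true));
}
```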

SOLVED IT!! (Why do I always seem to find the answer shortly after
hitting the send button? -- Bummer!)

Anyway, what I've done is this:

<pre>
Return-Path: &\lt;em***@address.com&\gt;<br />

I've not used any htmlspecialchars() calls, and the above gets written
to my database entry exactly as shown. I did originally try \&lt; but
that simply resulted in \< -- so the escape never worked. At least
this way it does work.

So I'm a happy bunny...

tra la la, tra la la...

(if a little mad!)

Thanks all again!
Feb 7 '08 #3

webmasterATflymagnetic.com wrote:
> SOLVED IT!! (Why do I always seem to find the answer shortly after
> hitting the send button? -- Bummer!)

I just know what`cha sayin` ;-)

--
Kind regards,
Franz Marksteiner

Feb 7 '08 #4
