Using the character " in html forms doesn't work?

[pinacoladaxb]

Here's some code I have for a form:

 

<form>

<INPUT TYPE="hidden" NAME="song" VALUE="<? echo $thissong; ?>">

<input type="submit" value="Submit">

</form>

 

The problem is when $thissong has the character " in it because all of the characters including it and after that are ignored. Let's say $thissong = a"b. Here's what the source code would look like for that line:

 

<INPUT TYPE="hidden" NAME="song" VALUE="a"b">

 

...so the "b is ignored. Is there a way of preventing this?

[hitman6003]

use single quotes

 

value='a"b'

[Mattyspatty]

also consider using this function

http://uk.php.net/manual/en/function.htmlspecialchars.php

[DarkWater]

Use addslashes() on the stuff you're putting into the value attribute.

[pinacoladaxb]

If I use single quotes, then what if the variable contains single quotes?

 

If I add slashes, then the " will still be there, right?

 

But the htmlspecialchars function worked perfectly! Thanks!!!

[DarkWater]

You add slashes to escape the quotes.  =/

[PFMaBiSmAd]

The \ to escape characters don't mean anything to a browser. The htmlspecialchars or even better htmlentities is needed so that the special characters that a browser operates on can appear in data.

[DarkWater]

Yeah, I realized that after trying it. D:  I wasn't paying attention, lol.  I thought he said when he echo'd it out he got an error.  Then I re-read it. xD