
[SOLVED] trying to return values in input text box


richrock


Well, sort of.

 

I've got a whole set of forms, and being relatively new to PHP, just blindly learning as I went along.  Client tests the form, and can't put their company name in, i.e. "Smith's Engineering"; the mysql would throw a major wobbly, and I sorted that out by doing

$title= addslashes($_POST['title']);

Which was all well and good.  It's in the DB, and I can retrieve it.  Now here's the problem:

 

If I retrieve by doing

echo $rtitle; //where rtitle is the returned title value

Then I get Smith's Engineering.

 

If I put this back into the form, and attempt to return it in the text box to be able to edit it, like this:

<tr>
        <td valign="top"><?php echo CLIENT_title; ?> </td>
        <td valign="top"><input type='text' name='title' size='50' value='<?php 
	if ($_POST['meh'] > 0) {
            echo $rtitle;
	}
	?>' id='inputtext' /></td>
    </tr>

 

I get Smith

 

I've tried using stripslashes(), htmlspecialchars(), both of which do nothing.  I thought that htmlspecialchars would work, but it doesn't. 

 

The database has stored it as Smith's Engineering

 

So any ideas why, and how to solve it?

 

TIA, Rich

first, use mysql_real_escape_string() instead of addslashes() when inputting into the DB

 

as for your other problem, it should be like this:

<tr>
        <td valign="top"><?php echo CLIENT_title; ?> </td>
        <td valign="top"><input type='text' name='title' size='50' value='<?php 
      if ($_POST['meh'] > 0) {
            echo htmlspecialchars($rtitle);
      }
      ?>' id='inputtext' /></td>
    </tr>

Hi, thanks for the speedy response - one reason why I love this forum  ;D

 

Okay, I changed to

$title= mysql_real_escape_string($_POST['title']);

for the insert bit.  Works fine.

 

The other bit is still the same: I did

echo htmlspecialchars($rtitle);

 

and still cuts off from the first ' - could this be a server setting problem, or is it down to my code?

 

 

if you load the page up and do a View Source and go to that part...what does the generated HTML code look like?

Well suck me sideways, as Ace Ventura would say...

 

It works, but I really don't know how or why it does.  And it's lost the if() clause, which is needed due to the form being used for 3 different purposes ('meh') being one of the last I coded and was really hating the project by then...

 

What is in this code that makes it display it all?

 

Rich

value='A Cello by William Forster, London's'

Ok, I just learned this lesson yesterday.

 

The lesson is:

Whenever you have a variable that came from user input and you use it in sql you have to do this to it:

if (get_magic_quotes_gpc())
{
  $value = stripslashes($value);
}
$value = mysql_real_escape_string($value);

 

Whenever you have a variable that came from user input and you want to display it in a textbox via a value or display via html you have to do this to it:

$value = htmlspecialchars($value, ENT_QUOTES);

 

So, what I do is combine both in a function like this:

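<?php
// Escape a user-supplied value for the context it is about to be used in.
function clean($value, $type)
{
    if ($type == "sql") {
        // Undo magic-quotes escaping first so the value is not escaped twice
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $value = mysql_real_escape_string($value);
    } elseif ($type == "html") {
        // ENT_QUOTES encodes both ' and ", so the value fits either quote style
        $value = htmlspecialchars($value, ENT_QUOTES);
    }
    return $value;
}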

 

So, for your purposes, you would use the function I created like this:

 

<input type='text' name='title' size='50' value='<?php echo clean($rtitle, "html"); ?>' id='inputtext' />

 

 

let me know if you have any questions...
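
The truncation at the apostrophe and the ENT_QUOTES fix discussed in this thread, as an added example that is not code from any poster: the helper names `render_input` and `parsed_value` and the third sample title are assumptions made for illustration. `ENT_COMPAT` is passed explicitly because it was the default flag set before PHP 8.1, which is why a bare `htmlspecialchars($rtitle)` left the single quote unencoded inside a single-quoted attribute.

```php
<?php
// Added example: why the value was cut at the apostrophe, and the fix.
// Sample titles below are constructed for illustration.

/** Render the single-quoted input the way the thread's template does. */
function render_input(string $value, int $flags): string
{
    $encoded = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type='text' name='title' value='" . $encoded . "' />";
}

/**
 * Approximate what a browser keeps as the attribute value: everything up
 * to the first unencoded single quote, with entities decoded afterwards.
 */
function parsed_value(string $html): string
{
    preg_match("/value='([^']*)'/", $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

$titles = [
    "Smith's Engineering",
    "A Cello by William Forster, London's",
    'He said "hi" & left <early>',
];

foreach ($titles as $title) {
    // ENT_COMPAT encodes & < > and ", but leaves ' untouched.
    $weak = render_input($title, ENT_COMPAT);
    // ENT_QUOTES also encodes ' (as &#039;), so the attribute stays intact.
    $safe = render_input($title, ENT_QUOTES);

    echo "stored : $title\n";
    echo "COMPAT : $weak\n";
    echo "         browser sees: " . parsed_value($weak) . "\n";
    echo "QUOTES : $safe\n";
    echo "         browser sees: " . parsed_value($safe) . "\n\n";
}
```

With `ENT_COMPAT` the first title comes back as `Smith`, matching the behaviour reported above; with `ENT_QUOTES` all three titles survive the round trip unchanged.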

 
