davidsakh Posted February 13, 2009

I'm trying to break my database. I was able to successfully insert:

blah? "lol" 'wee''

into the database, so I think I'm cleaning the strings properly, but when I print it out for the user inside of an input field, 'wee' isn't displayed, because the slashes aren't added. In the source, I see:

value='blah? "lol" 'wee'' />

So, I addslashes(), and this works, but the user sees slashes around "lol" when I don't want her to. Any help would be greatly appreciated. Security is not my strong point. :-\

kenrbnsn Posted February 13, 2009

When displaying data that contain quotes you need to use the function htmlentities with the ENT_QUOTES option:

<?php
// ENT_QUOTES converts both double and single quotes to HTML entities
$str = 'blah? "lol" ' . "'wee'";
echo '<input type="text" value="' . htmlentities($str, ENT_QUOTES) . '">';
?>

Ken
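
The two separate escaping steps this thread touches on, as an added example that is not part of any post above: a bound parameter for storage, and entity encoding with ENT_QUOTES when printing into the single-quoted value attribute from the question. It uses htmlspecialchars() in place of htmlentities() (both encode quotes under ENT_QUOTES), assumes the pdo_sqlite and dom extensions are loaded, and the notes table and the attr() and parsedValue() helpers are hypothetical names.

```php
<?php
// Added example, not code from the thread. The test string is the one from the question.
$input = 'blah? "lol" \'wee\'';

// Storage: a bound parameter never becomes part of the SQL text, so the value
// is stored byte-for-byte and no addslashes() is needed on the way in.
$db = new PDO('sqlite::memory:');            // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)'); // hypothetical table
$db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$input]);
$stored = $db->query('SELECT body FROM notes')->fetchColumn();

// Output: encode for HTML at the moment of printing, with both quote styles covered.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse the markup the way a browser would and return what ends up in value="".
function parsedValue(string $html): string
{
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $el = $doc->getElementsByTagName('input')->item(0);
    return $el ? $el->getAttribute('value') : '';
}

libxml_use_internal_errors(true); // malformed variants below would otherwise emit warnings

$variants = [
    'raw'        => $stored,
    'addslashes' => addslashes($stored), // backslash is not an escape character in HTML
    'ENT_COMPAT' => htmlspecialchars($stored, ENT_COMPAT, 'UTF-8'), // double quotes only
    'ENT_QUOTES' => attr($stored),
];

foreach ($variants as $name => $escaped) {
    $html = "<input type='text' value='" . $escaped . "' />";
    $seen = parsedValue($html);
    // "intact" means the user sees exactly what was stored in the database.
    printf("%-10s %-7s %s\n", $name, $seen === $stored ? 'intact' : 'mangled', $html);
}
```

From PHP 8.1 the default flags of htmlspecialchars() and htmlentities() include ENT_QUOTES; passing the flag explicitly keeps the behaviour the same on older versions.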

davidsakh Posted February 13, 2009

> When displaying data that contain quotes you need to use the function htmlentities with the ENT_QUOTES option:
>
> <?php
> $str = 'blah? "lol" ' . "'wee'";
> echo '<input type="text" value="' . htmlentities($str, ENT_QUOTES) . '">';
> ?>
>
> Ken

Prompt and dead-on. It works. I apologize for my stupidity. Thanks.