Escape characters with hidden values in HTML and PHP

[upperbid]

I am having a problem with a form in which I am using a hidden field on a review page for the title of an item:

 

^{<p align="left"><input type="hidden" name="descp1" value="$descp1strip">$descp1strip</p>}

 

This field can have either ' or " in it.  The problem is, that in the source code of the review page, the hidden value of the title below:

 

8" M Teleflora Gift lead crystal

 

becomes one of the two below depending on how whether or not I quote " the value:

 

^{"8" M Teleflora Gift lead crystal"}

^{8" M Teleflora Gift lead crystal}

 

Neither one of these will work in the submission of the final review page, cutting it off to just the 8.  If I replace the quotes " with ' instead, then I have the exact same problem if somebody uses the ' symbol in their title.

 

Any suggestions.

 

Robert

[PFMaBiSmAd]

When you output data on a web page, you need to use htmlentities with the second parameter set to ENT_QUOTES so that HTML special characters present in the data are not operated on by the browser. When htmlentities are submitted to the server they are converted back to the literal characters.