Quotes and Double Quotes in forms

[pault]

A problem has arisen which puzzles me. I have forms which save data to MySql and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this value="$variable" which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes.

 

I haven't seen the answer in any of my books. The only things I can think of is changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes.

[Pikachu2000]

How about posting the relevant code? That will be easier to diagnose than just a description of the problem.

[ram4nd]

Maybe convert the chars http://www.ascii.cl/htmlcodes.htm here you can find the right codes.

[BlueSkyIS]

htmlspecialcharacters is the way I go.

 

I like to echo input fields without concatenation, so I single-quote tag values:

 

$field1_value = htmlspecialchars($field1_value, ENT_QUOTES);
echo "<input type='text' name='field1' value='$field_1_value' />";

 

alternatively, if you're echoing within the HTML:

 

<input type='text' name='field1' value='<?php echo htmlspecialchars($field_1_value, ENT_QUOTES); ?>' />

[pault]

Just tried your code, BlueSkyIS, and it works perfectly. Saved me hours of searching and brain-wracking. Great forum. Thanks everyone for such quick advice.