petenaylor Posted October 28, 2010 Share Posted October 28, 2010 Hi all I have a field in mySQL table called dimensions. It has the double quote in in for inches - " When I echo the result from the mySQL query on the item page (Customer facing) it's fine. However, I have built a form so that the administrator can edit the dimensions in the admin panel and when I echo it out in to the form field it stops when it gets to the double quotes? Pete Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/ Share on other sites More sharing options...
Anti-Moronic Posted October 28, 2010 Share Posted October 28, 2010 You need to escape those quotes when you enter them into the database using mysql_real_escape_string and stripslashes on the way out. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127461 Share on other sites More sharing options...
trq Posted October 28, 2010 Share Posted October 28, 2010 using mysql_real_escape_string and stripslashes on the way out. stripslashes is not needed on the way out if your data is properly escaped on the way in. The escape chars are only there to get the data into a valid query. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127463 Share on other sites More sharing options...
Anti-Moronic Posted October 28, 2010 Share Posted October 28, 2010 using mysql_real_escape_string and stripslashes on the way out. stripslashes is not needed on the way out if your data is properly escaped on the way in. The escape chars are only there to get the data into a valid query. Sorry! Thanks for correction as well. Sorry OP, didn't mean to give out bad advice. Still, mysql_real_escape_string() is always a good idea on data insertion. Get used to using it and problems like this won't even appear. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127468 Share on other sites More sharing options...
PFMaBiSmAd Posted October 28, 2010 Share Posted October 28, 2010 All content (anything that is not intentionally HTML tags/HTML syntax) that you output on a web page needs to be passed through htmlentities with the second parameter set to ENT_QUOTES so that any HTML entities in it, like &, ", ', <, and > don't break the HTML on your page. Also, the value='...' attribute of a form field (all attributes in fact) need quotes around it to make it valid HTML. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127472 Share on other sites More sharing options...
trq Posted October 28, 2010 Share Posted October 28, 2010 Also, the value='...' attribute of a form field (all attributes in fact) need quotes around it to make it valid HTML. Hopefully not for that much longer. html5 is coming! Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127475 Share on other sites More sharing options...
jimmyt1988 Posted October 28, 2010 Share Posted October 28, 2010 No, depends if he's using transitional or strict. strict requires quotes, transitional does not. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127498 Share on other sites More sharing options...
petenaylor Posted October 28, 2010 Author Share Posted October 28, 2010 Thanks for your replies guys. Is this the correct way to send the string? $dimensions = (mysql_real_escape_string($_POST['dimensions'])); Pete Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127560 Share on other sites More sharing options...
PFMaBiSmAd Posted October 28, 2010 Share Posted October 28, 2010 The information posted by Anti-Moronic in this thread has nothing to do with your problem of putting " into a form field value. Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127569 Share on other sites More sharing options...
petenaylor Posted October 28, 2010 Author Share Posted October 28, 2010 I'm a bit lost now! Basically I have a DB entry that has double quotes in. When I am adding it into the DB I am using: $dimensions = (mysql_real_escape_string($_POST['dimensions'])); When I am echoing it back into the form for the user to edit I am using: <input name="dimensions" type="text" id="dimensions" size="80" maxlength="80" value="<?php echo stripslashes(mysql_real_escape_string($result['dimensions'])); ?>" class="basket-table-font" /> When I am echoing it to the user screen I am using: <?php echo stripslashes($result['dimensions']); ?> However this isn't working as it should. It misses off the contact after the double quotes. Thanks for your help, it's much appreciated! Pete Link to comment https://forums.phpfreaks.com/topic/217087-echoing-out-a-string-with-double-quotes-in-html-form/#findComment-1127580 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.