jaymc Posted August 9, 2007 Share Posted August 9, 2007 <input type=text value="She said "It was cool" today"> <input type=text value='She said 'It was cool' today'> Spot the problem? Whats the best way around it, because when people are adding quotes in these boxes and its being inserted into a database then pulled back out for inclusion in a text field, its causing issues where as the outputted value is She Said Please advise Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/ Share on other sites More sharing options...
cooldude832 Posted August 9, 2007 Share Posted August 9, 2007 Its always best to not destroy the original input because its the author's work. punctuation is aways tricky because it can be interpreted as text strings or in some cases as literal programing punctuation. The best idea is look into the add/strip slashes functions and the escape for mysql these functions escape\unescape all special characters for use and then simply apply them on insertion and then remove on viewing. Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319752 Share on other sites More sharing options...
jaymc Posted August 9, 2007 Author Share Posted August 9, 2007 The issue is not with it screwing up mysql Its the HTML value="test "quote here" more convo" As far as the HTML engine in concerned the value is value="test " Thus leaving this redunt code to be interpreted as plain text quote here" more convo" Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319766 Share on other sites More sharing options...
teng84 Posted August 9, 2007 Share Posted August 9, 2007 maybe the solution if you have this value="test "quote here" more convo" is to value='test "quote here" more convo' use single quote to have double quote ignored or vise versa Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319769 Share on other sites More sharing options...
jaymc Posted August 9, 2007 Author Share Posted August 9, 2007 That would work But value='if you can find a solution i'll clap' Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319771 Share on other sites More sharing options...
teng84 Posted August 9, 2007 Share Posted August 9, 2007 yah that a prob so maybe try to put the value in the variable thats the last option you can have Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319777 Share on other sites More sharing options...
jaymc Posted August 9, 2007 Author Share Posted August 9, 2007 Huh? What variable Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319779 Share on other sites More sharing options...
jaymc Posted August 9, 2007 Author Share Posted August 9, 2007 Is there a practical solution to this problem? Its such a global problem, there must be! Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319787 Share on other sites More sharing options...
trq Posted August 9, 2007 Share Posted August 9, 2007 Use htmlspecialchars. eg; <?php $s = "this is a \"string\" of \"text\".. damn"; echo "<form>"; echo "<input type=\"text\" value=\"" . htmlspecialchars($s) . "\">"; echo "</form>"; ?> Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319788 Share on other sites More sharing options...
teng84 Posted August 9, 2007 Share Posted August 9, 2007 yes that will work but the tread starter trying to point is that he use pure html not php i guess and like the what his trying to say is that he dont have like a control or maybe he was just curios thats why he asked Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319797 Share on other sites More sharing options...
jaymc Posted August 9, 2007 Author Share Posted August 9, 2007 htmlspecialchars Thats the one! Ive actually used that before it just slipped my mind perfect Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319810 Share on other sites More sharing options...
teng84 Posted August 10, 2007 Share Posted August 10, 2007 Its always best to not destroy the original input because its the author's work. punctuation is aways tricky because it can be interpreted as text strings or in some cases as literal programing punctuation. The best idea is look into the add/strip slashes functions and the escape for mysql these functions escape\unescape all special characters for use and then simply apply them on insertion and then remove on viewing. its been said by this guy thats why im knocking on the wring door LOL i guess time to mark this as solved Link to comment https://forums.phpfreaks.com/topic/64162-solved-quotes/#findComment-319814 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.