[SOLVED] Quotes

[jaymc]

<input type=text value="She said "It was cool" today">

<input type=text value='She said 'It was cool' today'>

 

Spot the problem?

 

Whats the best way around it, because when people are adding quotes in these boxes and its being inserted into a database then pulled back out for inclusion in a text field, its causing issues where as the outputted value is

 

She Said

 

Please advise

[cooldude832]

Its always best to not destroy the original input because its the author's work.  punctuation is aways tricky because it can be interpreted as text strings or in some cases as literal programing punctuation.  The best idea is look into the add/strip slashes functions and the escape for mysql these functions escape\unescape all special characters for use and then simply apply them on insertion and then remove on viewing.

[jaymc]

The issue is not with it screwing up mysql

 

Its the HTML

 

value="test "quote here" more convo"

 

As far as the HTML engine in concerned the value is

 

value="test "

 

Thus leaving this redunt code to be interpreted as plain text

 

quote here" more convo"

[teng84]

maybe the solution if you have this

value="test "quote here" more convo"

is to

 

value='test "quote here" more convo'

 

use single quote to have double quote ignored

or vise versa

[jaymc]

That would work

 

But

 

value='if you can find a solution i'll clap'

[teng84]

yah that a prob so maybe try to put the value in the variable thats the last option you can have

[jaymc]

Huh?

 

What variable

[jaymc]

Is there a practical solution to this problem?

 

Its such a global problem, there must be!

[trq]

Use htmlspecialchars. eg;

 

<?php

   $s = "this is a \"string\" of \"text\".. damn";
   echo "<form>";
   echo "<input type=\"text\" value=\"" . htmlspecialchars($s) . "\">";
   echo "</form>";

?>

[teng84]

yes that will work but the tread starter trying to point is that he use pure html not php i guess and like the what his trying to say is that he dont have like a control or maybe he was just curios thats why he asked

[jaymc]

htmlspecialchars

 

Thats the one! Ive actually used that before it just slipped my mind

 

perfect

[teng84]

Its always best to not destroy the original input because its the author's work.  punctuation is aways tricky because it can be interpreted as text strings or in some cases as literal programing punctuation.  The best idea is look into the add/strip slashes functions and the escape for mysql these functions escape\unescape all special characters for use and then simply apply them on insertion and then remove on viewing.

its been said by this guy thats why im knocking on the wring door  LOL

i guess time to mark this as solved