quotes inside input box.


cafrow
01-24-2006, 02:17 PM
In my years of programming PHP I cannot believe I have not run into this problem before. My problem is I am taking input from an html input box and storing it in mysql, no problem yet, then I recall it from mysql and display it in an HTML input box, this is where the problem is.

The string example I am trying to store is:
-1" vertically shorter

When I grab this string from mysql and output it into html it screws up the html and only -1 shows in the input box. Here is the html source code after the input

<input name="stock_vertical" type="text" value="-1" vertically shorter" size="12" />

And here is the PHP code
<input name="stock_vertical" type="text" value="<?=$size_row['stock_vertical']?>" size="12" />

I know there has to be something I can do, I tried some stuff with Addslashes() but that did not help me, also tried to double "" each quote and that did not work. Any help would be awesome.

Thank you.

chazzy
01-24-2006, 02:30 PM
you've never had to deal with an escape function?

function escapefcn($text){
    if (get_magic_quotes_gpc()){
        $text=stripslashes($text);
    }
    return mysql_real_escape_string(htmlentities($text));
}


then when displaying the contents you use stripslashes($text);

bokeh
01-24-2006, 02:49 PM
Try the following:
<input name="stock_vertical" type="text" value="<?php echo htmlspecialchars($size_row['stock_vertical']) ?>" size="12" />

cafrow
01-24-2006, 03:15 PM
Chazzy, I don't think it is that. I think the quote is corrupting the html form. Try the following:
<input name="stock_vertical" type="text" value="<?php echo htmlspecialchars($size_row['stock_vertical']) ?>" size="12" />

Bokeh... awesome, I knew it had to be something simple. I tried chazzy's way and it worked also, but I like yours better as it allows me to keep using my function for mysql_real_escape_string.

Thank you both.

bokeh
01-24-2006, 03:21 PM
I didn't look at Chazzy's post properly to start with but it is probably better because it is making the data good before it gets into the DB.

chazzy
01-24-2006, 03:54 PM
yeah.
If you look at the function, (the same one NogDog always posts btw..) it calls stripslashes, htmlentities, and mysql_real_escape

htmlentities is really the most basic piece that you need, the real escape and strip slashes will help with other characters that could muck up the form.
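
The behaviour discussed in this thread, as an added example that is not any poster's code: it renders the same stored string four ways and parses each result back with DOMDocument to show what value the input box actually ends up with. The helper names (parsed_value, input_tag, attr) are made up for the example, and it assumes PHP's DOM extension is loaded.

```php
<?php
// Added example; $stored is the string from the thread, helper names are hypothetical.

// What an HTML parser takes as the field's value for a given piece of markup.
function parsed_value(string $markup): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($markup);
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// Builds the thread's input tag around an already prepared attribute value.
function input_tag(string $attrValue): string
{
    return '<input name="stock_vertical" type="text" value="' . $attrValue . '" size="12" />';
}

// Encode for the HTML attribute context at the moment of output.
function attr(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

$stored = '-1" vertically shorter';   // raw value as it sits in the database

$cases = [
    // No encoding: the quote in the data closes the attribute early.
    'raw echo'           => input_tag($stored),
    // Backslashes mean nothing to an HTML parser, so the attribute still ends early.
    'addslashes()'       => input_tag(addslashes($stored)),
    // Encoded once, at output: the full string survives.
    'htmlspecialchars()' => input_tag(attr($stored)),
    // Entity-encoded before storage, then encoded again at output.
    'encoded twice'      => input_tag(attr(htmlentities($stored, ENT_QUOTES, 'UTF-8'))),
];

foreach ($cases as $label => $markup) {
    printf("%s\n  markup:      %s\n  field shows: %s\n\n", $label, $markup, parsed_value($markup));
}
```

Only the third case puts the original string back in the box; the fourth shows the literal text `&quot;` in the field because the value was HTML-encoded both before storage and again on display.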