Escaping both single AND double quotes simultaneously?

I am populating a form using PHP to display the current values of the fields for editing.  Example code:

print(" <form> <input type=text name='my_field' value='$my_value'> </form> ");

But if $my_value contains a quote, the value gets truncated.  I could switch the single and double quotes, but will always have a problem with one or the other.

All I can think of is to run $my_value through a script to replace all occurences of quotation marks with &quot.  This causes a significant performance hit, and I'm wondering if there isn't a faster more efficient solution to this problem.

I've searched previous answers on this site, but couldn't find anything that worked.  Someone mentioned "triple quotes"... I'm not familiar with these, but if it means a single followed by double quote (or vice versa) then I've tried it and it doesn't work.

Thanks in advance...
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I dont know PHP very well but shouldn't you be able to write...

print(" <form> <input type=text name='my_field' value='" + $my_value + "'> </form> ");


print(" <form> <input type=text name='my_field' value='");
print("'> </form> ");

Just a thought..
dhuggyAuthor Commented:
No... the PHP is processed on the server side, so all the client browser would see is:

<form> <input type=text name='my_field' value='$my_value'>

i.e., same problem as above.

(FYI, the first suggestion you gave is improper PHP syntax... but the second one is correct.  Thanks for the try anyway!)
try this:
<form ...>
 <input type=text name='my_field' value='<?echo $my_value;?>'>

good luck!
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

freshmeat's right! I work a lot with PHP, and the way freshmeat gave is the one.

That's still going to give you a problem if $my_value has a single quote in it.

dhuggy, I'm sorry, but the only way to fix this problem is exactly what you said.  You need functionality to strip out the single quotes from your $my_value variable.

I've come up against this problem in php and asp and that's the only way to fix it.  You've got to get rid of the tick marks in the string variable.

But it shouldn't be that bad.  All you need is a function that you pass the variable into that returns the variable without tick marks.

It's been a while since I've worked with php, but if you need it I can whip up an example.

dhuggyAuthor Commented:
Freshmeat, note that this is all contained in a print statement (which is under an if statement).  So, to adapt your idea, I came up with...

print("<form ...> <input type=text name='my_field' value='");

echo $my_value;

print("'> </form>");

But this leaves me in the same hole as before.  Any single quote within the $my_value variable will be interpreted on the client side as the end of the value clause.
I think I see the answer to your question.

Sorry this took so long, but I was missing the point.  I thought the problem was centered on eventually putting the form info into a database and that *that* was the problem.

If all you're talking about is display in the form, then the solution might be easy.

You'll note that in PHP you don't have to use a print statement to write data to your html page.

E.g. (forgive my rusty syntax)


 <input type=text name="my_field" value="<?echo $my_value;?>">

else {

You can go in and out of php script at will.  It will still get processed properly on the server.

That way you can surround your $my_value with double quotes instead of single quotes as freshmeat suggested and your problem should be solved.

Let me know if that clears it up.
dhuggyAuthor Commented:
Hmm... well, it seems that clears up the single quote problem, but it creates a problem with double quotes.  I'm looking for something that would solve BOTH problems, but unless there is some other delimiter I can use besides quotes then it appears I am out of luck.  Something like:

<input type=text name="my_field" value=^$my_value^>

Except that carat marks don't work as delimiters, but you get the idea. Basically, no matter WHAT delimiter I use, I can't use that same character within the $my_value variable.  If this is true, I need to send all input through a script that replaces the appropriate characters with their entity values... a performance hit that I wanted to avoid, but that I must take.

That is, unless anyone has any additional suggestions.....?
So you're saying that $my_value might have single *and* double quotes?

If that's the case, I don't see *any* way around the replace script.

As you suggest, there is no other delimiter.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dhuggyAuthor Commented:
Thankx for the help everyone... I ended up using the PHP function ereg_replace to change all of the single quotes to &#039.  I was hoping there was some other delimiter I could use around my value, but alas it appears not.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.