serialize double quotes

I have a content management interface.

Pretty much a bunch of text areas that you enter content into.
On another page, I have all the info displayed.

I put the form results into a serialized array.

I am having trouble with double quotes.

How do you preserve the quotes and also display the correct data in the text areas.

<a href="">Link to CNN</a>

when I try to display this in the text area, the quotes ruin everything.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

When you say "displayed on another page" do you mean echoed?

If so you have to escape the quotation mark using bacslash \

<a href=\"\">Link to CNN</a>

If you're loading this data into a form, you can use htmlspecialchars($data) to stop the quotes from breaking the form inputs.  Example:

echo htmlspecialchars($data);

Hope that helps!
Only using htmlspecialchars will put in a backslash (\) before the double quotes.  Therefore, use stripslashes(htmlspecialchars($data));

Example (using a textarea):

print "<textarea name="somename"> " . stripslashes(htmlspecialchars($data))  . "</textarea>";
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

htmlspecialchars() does NOT put a backslash in front of quotes... that's what addslashes() does (or magic quotes, if enabled).  The htmlspecialchars() function changes single quotes to '&#039;' and double quotes to '&quot;'.
It actually does add slashes.  Read the comment by juadielon_NOSPAM at hotmail dot com:

I was trying to retrieve information from a database to display it into the browser. However it did not work as I was expecting.  For instance double quotes (") and single quotes (') were conflicting in HTML in an INPUT selector.

The first approach to solve this was to use htmlspecialchars to convert special characters to HTML entities to display the input box with its value.

$encode=htmlspecialchars($str, ENT_QUOTES);

However, the result was having HTML entities with a \ (backslash) preceding it (escape characters).  For instance ampersand (&) becomes \&amp; displaying \& and double quotes becomes \&quot; displaying \"

So the final solution was to replace first any \ (backslash) and then ask htmlspecialchars to make the conversion.

[Editor's Note: This is the wrong way to do this. The proper way is to use

$encoded = htmlspecialchars(stripslashes($str), ENT_QUOTES);

blah blah blah...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sorry, but a comment from one person back in *2002* does not make that a factual claim.  I can't find that issue documented anywhere else.  In all the times I've used htmlspecialchars() I've never had it add backslashes to my strings.  Backslashes get added if you have magic_quotes_gpc enabled and pass any request data between pages (usually with a form).  This happens because PHP is expecting that posted data to get entered into a database, and therefore it escapes the values so you don't have to manually do it with addslashes().  If you try to display that data, rather than post it to a database, then you need to use stripslashes().

Of course, the easiest way to tell who's right and who's wrong here is to actually test the code for youself:


$string = "Test of \"htmlspecialchars\" & 'quotes'";
echo "<input type=\"text\" value=\"" . htmlspecialchars($string, ENT_QUOTES) . "\">";


This outputs:

Test of "htmlspecialchars" & 'quotes'

in a text input, with the html source looking like this:

<input type="text" value="Test of &quot;htmlspecialchars&quot; &amp; &#039;quotes&#039;">

According to the above comments, this should be full of backslashes, since I didn't strip them.
A clarification on magic_quotes_gpc ... it's not specifically expecting the data to be inserted into a database, but that is the case in most instances.  Also, it effects any POST, GET or COOKIE values when enabled.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.