serialize double quotes

jackjohnson44
Last Modified: 2012-08-13
Hello,
I have a content management interface.

Pretty much a bunch of text areas that you enter content into.
On another page, I have all the info displayed.

I put the form results into a serialized array.

I am having trouble with double quotes.

How do you preserve the quotes and also display the correct data in the text areas?

<a href="http://www.cnn.com">Link to CNN</a>

When I try to display this in the text area, the quotes ruin everything.

CERTIFIED EXPERT

Commented:
When you say "displayed on another page" do you mean echoed?

If so you have to escape the quotation mark using backslash \

<a href=\"http://www.cnn.com\">Link to CNN</a>

Gamebits
CERTIFIED EXPERT

Commented:
If you're loading this data into a form, you can use htmlspecialchars($data) to stop the quotes from breaking the form inputs.  Example:

echo htmlspecialchars($data);

Hope that helps!
Only using htmlspecialchars will put in a backslash (\) before the double quotes.  Therefore, use stripslashes(htmlspecialchars($data));

Example (using a textarea):

print '<textarea name="somename"> ' . stripslashes(htmlspecialchars($data)) . '</textarea>';
CERTIFIED EXPERT
Commented:
htmlspecialchars() does NOT put a backslash in front of quotes... that's what addslashes() does (or magic quotes, if enabled).  The htmlspecialchars() function changes single quotes to '&#039;' and double quotes to '&quot;'.

http://us2.php.net/manual/en/function.htmlspecialchars.php

It actually does add slashes.  Read the comment by juadielon_NOSPAM at hotmail dot com:

I was trying to retrieve information from a database to display it into the browser. However it did not work as I was expecting.  For instance double quotes (") and single quotes (') were conflicting in HTML in an INPUT selector.

The first approach to solve this was to use htmlspecialchars to convert special characters to HTML entities to display the input box with its value.

$encode=htmlspecialchars($str, ENT_QUOTES);

However, the result was having HTML entities with a \ (backslash) preceding it (escape characters).  For instance ampersand (&) becomes \&amp; displaying \& and double quotes becomes \&quot; displaying \"

So the final solution was to replace first any \ (backslash) and then ask htmlspecialchars to make the conversion.

[Editor's Note: This is the wrong way to do this. The proper way is to use

$encoded = htmlspecialchars(stripslashes($str), ENT_QUOTES);
]

blah blah blah...
CERTIFIED EXPERT

Commented:
Sorry, but a comment from one person back in *2002* does not make that a factual claim.  I can't find that issue documented anywhere else.  In all the times I've used htmlspecialchars() I've never had it add backslashes to my strings.  Backslashes get added if you have magic_quotes_gpc enabled and pass any request data between pages (usually with a form).  This happens because PHP is expecting that posted data to get entered into a database, and therefore it escapes the values so you don't have to manually do it with addslashes().  If you try to display that data, rather than post it to a database, then you need to use stripslashes().

Of course, the easiest way to tell who's right and who's wrong here is to actually test the code for yourself:

<?PHP

$string = "Test of \"htmlspecialchars\" & 'quotes'";
echo "<input type=\"text\" value=\"" . htmlspecialchars($string, ENT_QUOTES) . "\">";

?>

This outputs:

Test of "htmlspecialchars" & 'quotes'

in a text input, with the html source looking like this:

<input type="text" value="Test of &quot;htmlspecialchars&quot; &amp; &#039;quotes&#039;">

According to the above comments, this should be full of backslashes, since I didn't strip them.
CERTIFIED EXPERT

Commented:
A clarification on magic_quotes_gpc ... it's not specifically expecting the data to be inserted into a database, but that is the case in most instances.  Also, it affects any POST, GET or COOKIE values when enabled.
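
The round trip discussed in this thread (serialized form content loaded back into text areas), as an added example that is not code from any participant. It assumes PHP 7.0 or later, where magic quotes no longer exist (they were removed in PHP 5.4), so no stripslashes() call is needed; the field names and sample content are constructed for illustration.

```php
<?php
// Constructed form submission for the CMS edit page (hypothetical keys).
$submitted = [
    'intro'  => '<a href="http://www.cnn.com">Link to CNN</a>',
    'footer' => "Test of \"htmlspecialchars\" & 'quotes' </textarea><b>x</b>",
];

// Store the raw text. Do not addslashes() or entity-encode before storage.
$blob = serialize($submitted);

// Load it back. allowed_classes => false makes unserialize() refuse to
// instantiate objects if the stored blob is ever tampered with.
$stored = unserialize($blob, ['allowed_classes' => false]);
if (!is_array($stored)) {
    throw new RuntimeException('Stored content is not a serialized array');
}

// Encode for HTML at output time only. ENT_QUOTES covers both " and ',
// so the same helper is safe in element content and in quoted attributes.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Edit page: one textarea per stored field.
function render_edit_form(array $fields): string
{
    $html = "<form method=\"post\">\n";
    foreach ($fields as $name => $value) {
        $html .= '  <textarea name="' . h((string) $name) . '">'
               . h((string) $value) . "</textarea>\n";
    }
    return $html . "  <input type=\"submit\" value=\"Save\">\n</form>\n";
}

$form = render_edit_form($stored);
echo $form;

// Round trip check: decoding what the browser parses gives back the
// original text, and no backslashes were introduced along the way.
foreach ($stored as $value) {
    if (html_entity_decode(h($value), ENT_QUOTES, 'UTF-8') !== $value) {
        throw new RuntimeException('Encoding changed the stored text');
    }
}
if (strpos($form, '\\') !== false) {
    throw new RuntimeException('Unexpected backslash in rendered form');
}
```

The second sample field contains a closing textarea tag to show that the encoded value stays inside the text area instead of ending it early.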