Handling quotes with php forms

Posted on 2007-10-05
Last Modified: 2013-12-13
Hi Experts,
I'm working on a php form and having some trouble with handing quotes.

I realize it's probably not the best way to code it, but I've been wrapping the table elements of my form in print statements. This means that if I code:

print '<tr BGCOLOR="white"><td><INPUT TYPE="text" NAME="capFirst" SIZE=40></td>';
and the user enters: My name is "bob", the output will be "My name is" because the quotes are read as being an element of the code and essentially ignored.

I use addSlashes() when I'm handling the data to put it into my databases, etc but I'd like users to be able to enter both single and double quotes in their entry and have the program allow both (at least in the front end).

How do I do this? Any help is appreciated.
Question by:dm06tw
    LVL 20

    Expert Comment


    htmlentities($yourdata,ENT_QUOTES) instead of addslashes

    Author Comment

    I'm not actually "addslashing" it until I handle it... The form has 3 steps, they fill in the first step and on the second step it sets the default values in the text boxes to what they typed from the first. I addSlash it before inserting it into my database.

    maybe that's a bad way of doing it?
    LVL 20

    Accepted Solution

    You should use addslashes or mysql_real_escape_string before entering data in the database.

    When you echo  the values you  got from the first set use htmlentities

    for example ....

    print '<input type="text" name="somefield" value="'.htmlentities($_POST["data_from_1s_setpt"],ENT_QUOTES) .'">';

    Author Comment

    Works great!

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Suggested Solutions

    A colleague recently asked me about how to give his client a small part of the web site that could be completely under the client's control.  Since I have done this sort of thing before to add emergency banners to a web site, I decided I would creat…
    This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now