Quotes within value attribute

Forum Moderators: open

Message Too Old, No Replies

Quotes within value attribute

How are quotes escaped?

theguX

2:40 pm on Dec 5, 2004 (gmt 0)

I have an input that's value is echoed by php:
<?
echo '<input type="text" value="' . $text1value . '" name="text1" />';
?>
My problem is the $textvalue1 contains quotes so when it the code is run it generates something like this:
<input type="text" value="blah blah " blah" name="text1" />
Is there any way of fixing this?

Birdman

2:54 pm on Dec 5, 2004 (gmt 0)

Welcome to the boards, theguX!

Here is the function I use to display strings that may have quotes in form fields:

function form($str){
return htmlspecialchars [php.net](str_replace("''", "'", $str), ENT_QUOTES);
}

You may, or may not, need the str_replace() part. In my case, it fixes the automatic escaping of single quotes that happens on this server(magic_quotes).

Ther usage would be:

echo '<input type="text" value="' . form($text1value) . '" name="text1" />';

bcc1234

3:08 pm on Dec 5, 2004 (gmt 0)

Use "

theguX

9:18 pm on Dec 5, 2004 (gmt 0)

Thanks. That works.

I tried that initially, but it didn't work for some reason, so thats why I posted here. It works now anyway.
Thanks!

theguX

5:45 pm on Dec 6, 2004 (gmt 0)

Actually, I found out what the problem was.
This was my code:
function quotes($text)
{
$blah1 = array('"', '&');
$blah2 = array('"', '&');
return str_replace($blah1, $blah2, $text);
}
The problem was that as soon as it was replaced with ", that was replaced with &quot;. I got around this problem by doing this:
function quotes($text)
{
$blah1 = array('&', '"');
$blah2 = array('&', '"');
return str_replace($blah1, $blah2, $text);
}

Thanks again for your help.