
Forum Moderators: coopster & jatar k


carrying apostrophe in form

need to keep apostrophe in form result

3:52 am on Apr 14, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
votes: 0

Pulling business name from database as Example's Name. I am trying to keep the apostrophe all the way through the form process.

Page 1 of the form has:

<input type='hidden' name='bname' value='".$bus."'>

Page 2 of the form has


<?php echo ($businessname) ?>

I cannot echo the apostrophe in Example's Name. I have tried many variations of stripslashes and htmlspecialchars. I still cannot get it to work.

Any help would be appreciated.


5:28 am on Apr 14, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Feb 4, 2004
posts: 215
votes: 0

htmlentities [php.net] with ENT_QUOTES is what you want.

$businessname = htmlentities($_POST["bname"],ENT_QUOTES);

4:53 pm on Apr 14, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
votes: 0

I *think* htmlentities() will only work for double quotes, a " gets converted to &quot;. I don't know that it applies to a single quote.

Even if it does, this presents problems when searching. If you were to store data like so

Book title: &quot;The End of the Internet As We know it &quot;

A search for

where title like '%"The End%';

would fail.

If you're working with apostrophied values, you have to decide your method of approach and stick to it. For example,

<input type='hidden' name='bname' value='".$bus."'>

Single quoted values are valid, they're just not "standard." Personally I go the other way around so that my output values are double quoted, and anything in my programming is single quoted:

print '<input type="hidden" name="bname" value="'.$bus.'">';

Now let's talk about inserting "Example's Name" into your database.

$bus ='Example\'s Name';

This won't work because mySQL obviously thinks the value ends before the "s"

insert into table (title) values ('$bus');

So my solution is a single substitution for single quotes. Just the single quote. This limits the amount of "treatment" my insert statements require:

foreach ($_POST as $key => $value) {
    // Replace each run of single quotes with a doubled single quote
    $value = preg_replace("/'+/", "''", $value);
    $sql = "insert into table (field) values ('$value')";
}

This gives you

insert into table (field) values ('Example''s Title');

Which should properly store "Example's Title" in your table.

On extraction, if you double-quote your form values, you should get this

<input type="hidden" name="bname" value="Example's Title">

If you like working the other way, reverse the idea, but as mentioned, this can get you into troubles with double-quoted values, which should be html entities: &quot;.

5:02 pm on Apr 14, 2009 (gmt 0)

Senior Member

joined:Nov 12, 2005
votes: 0

I *think* htmlentities() will only work for double quotes, a " gets converted to &quot;. I don't know that it applies to a single quote.

Actually it will apply for the single quote, as well. Should replace it with the entity


As for adding text into a database with characters such as the single quote ('), a simple escaping should be more than enough to have it store properly. But this is a bit off topic, here.

The bottom line is you need to convert to entities or you have to have properly formed quotes surrounding text in a tag's attribute.
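
The round trip discussed in this thread, as an added example that is not part of the thread or any poster's code: the value is entity-encoded only when written into the hidden field's attribute, and stored raw. For the insert it uses a PDO bound parameter rather than the manual quote handling shown above; the `business` table, the helper names `attr`, `hidden_field` and `save_business`, and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: carry "Example's Name" from the database into a hidden field,
// through a POST, and back into the database with the apostrophe intact.

// Encode for an HTML attribute. ENT_QUOTES converts both ' and " to entities,
// so the value cannot end the attribute whichever quote style wraps it.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Page 1: emit the hidden field (hypothetical helper).
function hidden_field(string $name, string $value): string
{
    return '<input type="hidden" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Page 2: the browser decodes entities before submitting, so $_POST holds the
// raw apostrophe. Store it raw via a bound parameter; encode again on output only.
function save_business(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO business (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Constructed demo data; in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE business (name TEXT)');

$bus = "Example's Name";
echo hidden_field('bname', $bus), "\n";

// Simulate what the browser sends back after decoding the attribute value.
$posted = html_entity_decode(attr($bus), ENT_QUOTES, 'UTF-8');
save_business($db, $posted);

$stored = $db->query('SELECT name FROM business')->fetchColumn();
echo attr($stored), "\n";      // encoded form, for echoing into HTML
var_dump($stored === $bus);    // compares the stored raw value with the original
```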

