tags:

views:

238

answers:

4
Q: 

Use of double quotes in a 'input type="text"' value wont work, string stops at double-quote !

How can I make it possible for users to use the '"' (double quote) inside a textfield...

Whenever I do use double-quote in the field (the value) then when receiving the variable in my PHP file with:

   $text=mysql_real_escape_string($_POST['subject']);

and then echo it, I get a string which is escaped properly, but the string stops exactly before the double-quote!

I dont want it to stop because of the double-quote though!

Javascript is used to validate the text-field so its not empty, maybe I should do something more with javascript when validating, and altering the value, so php can get the correct value including the double quotes?

Thanks

UPDATE

CODE:

   $headline= mysql_real_escape_string($_POST['headline']);
   echo htmlentities($headline);

I have tried merging the two above, will only give the same results. NOTE: I have ALSO TRIED adding ENT_QUOTES into the htmlentities function...

Unformatted string as entered:

   + , . ; : - _ space & % ! ? = # * ½ @ / \ [ ]< > " ' hej hej

will output this when echoing it:

   + , . ; : - _ space & % ! ? = # * ½ @ / \\ [ ]< >
+5  A: 

You have to use htmlspecialchars($str, ENT_QUOTES) or htmlentities($str, ENT_QUOTES) to convert the quotes to the HTML entity &quot;. Those function also take care of other characters that should be encoded.

mysql_real_escape_string() is only meant for escaping single quotes in database queries, so that you can correctly enter strings with single quotes into your database (and avoid SQL injections).

EDIT: Added parameters. Thanks to micahwittman

Franz  2009-11-20 17:00:38
It wont display a double-quote, it only displays backslashes... Read my update plz
Camran  2009-11-20 17:11:43
You need to use the optional second parameter for htmlentities like this: echo htmlentities($headline, ENT_QUOTES); which will also encode double and single quotes (see other special constants besides ENT_QUOTES at http://php.net/manual/en/function.htmlentities.php ). Also, you shouldn't only use sql_real_escape_string() for preparing to store the string in a mysql database - that's why \ is becoming \\.
micahwittman  2009-11-20 17:24:17
+1  A: 

Its not the job of the JS to modify the input string, server should make sure it can accept what its getting regardless.

You could escape out the double quotes with another value either Assci symbol or HTML &quot; etc. before you pass it into your mysql escape function?

Pete Duncanson  2009-11-20 17:00:42
+1  A: 

The reason it isn't working when you're outputting it into the input is because the value is being truncated at the quote. You'll need to use htmlspecialchars() on the output.

fiXedd  2009-11-20 17:03:16
A: 

You're mixing up two things: mysql_real_escape_string is used to prepare strings for storing in a mysql database. htmlentities is used to prepare strings for echoing in the browser. Both are important to do, but calling one after the other on the same string can't be expected to work. Do something like the following:

// Copy string after escaping for mysql into $db_headline
$db_headline= mysql_real_escape_string($_POST['headline']);

// Copy string after escaping for page display into $html_headline
$html_headline = htmlentities($_POST['headline']);

// Store the headline in the database

...

?>
<input type="text" name="headline" value="<?php echo $html_headline ?>" />

...
Frank Schmitt  2009-11-20 17:23:30

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?