Hi, I have the following code:

 <input type="text" value="<?php echo $_GET['msg']; ?>">

This input is automatically filled with the name that was written on the previous page. So, if the user wrote: i like "apples" and banana, the input will be broken because it will close the tag after the double quotes. I know I can avoid that by HTML entity-encoding the value, but I don't want this; is there another solution, or is there a <<< EOD in HTML?

Thanks

+1  A: 

You should use the htmlspecialchars function to escape the output for HTML:

<input type="text" value="<?php echo htmlspecialchars($_GET['msg']); ?>">

Note: you might have to add some additional parameters if you are not using ISO-8859-1 as the charset; for example, with UTF-8:

<input type="text" value="<?php echo htmlspecialchars($_GET['msg'], ENT_COMPAT, 'UTF-8'); ?>">
Pascal MARTIN
+2  A: 

htmlentities() / htmlspecialchars() is the standard way to do this. You should use it.

You can always decode the entities before you send them by e-mail, or do something else with them, using html_entity_decode().

Pekka
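The following is an added example, not code from either answer above, that puts both answers together: it escapes the attribute value with htmlspecialchars() as Pascal MARTIN suggests, and decodes it again with html_entity_decode() as Pekka suggests. It goes slightly beyond the first answer by using ENT_QUOTES (which also escapes single quotes, so the helper is safe inside either quoting style) together with ENT_SUBSTITUTE (so invalid UTF-8 input yields a replacement character instead of an empty string). The helper name escape_attr and the sample strings are assumptions made for this example; it needs PHP 5.4 or later for ENT_HTML5.

```php
<?php
// Added example (not from the question or the answers): escape a value for an
// HTML attribute, show it beside the unescaped version, and round-trip it back.
// Assumptions: PHP >= 5.4 (ENT_HTML5); escape_attr() is a hypothetical helper.

declare(strict_types=1);

/**
 * Escape a string for use inside a double- or single-quoted HTML attribute.
 * ENT_QUOTES     - escape both " and ' (ENT_COMPAT would leave ' alone).
 * ENT_SUBSTITUTE - replace invalid UTF-8 sequences instead of returning "".
 * 'UTF-8'        - the charset the input is decoded as.
 */
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Reverse of escape_attr(): turn the entities back into plain text,
 * for example before placing the value in an e-mail body.
 */
function unescape_attr(string $escaped): string
{
    return html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: the string from the question, plus one that
// mixes single quotes, an ampersand and a tag.
$samples = [
    'i like "apples" and banana',
    "it's a 'test' & <b>bold</b>",
];

foreach ($samples as $msg) {
    // Unescaped: the first double quote in $msg terminates the value attribute early.
    echo '<input type="text" value="' . $msg . '">', PHP_EOL;
    // Escaped: quotes, ampersand and angle brackets are emitted as entities,
    // so the attribute value stays a single string.
    echo '<input type="text" value="' . escape_attr($msg) . '">', PHP_EOL;
    // Round trip: decoding the escaped form gives the original text back.
    echo (unescape_attr(escape_attr($msg)) === $msg ? 'round trip ok' : 'round trip MISMATCH'), PHP_EOL;
}
```

Running it prints each input twice, first with the attribute broken at the quote and then with the escaped form (for the question's string, value="i like &quot;apples&quot; and banana"), followed by "round trip ok". Escaping once at output time, as here, is the whole fix; the decoded form is only needed when the value leaves the HTML context again.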