tags:

views:

148

answers:

2
Q: 

Secure inserting value of $_POST['textarea'] into <textarea> HTML tag using PHP only.

Is there any way to insert $_POST['textarea'] into <textarea> without escaping shell special chars? I do sth. like : 

 <textarea>
     <?php 
           echo escapeshellcmd($_POST['textarea_field']) ; 
     ?>
 </textarea>

and I have a problem with \ chars. I do not wont them in <textarea> but without escapeshellcmd(); function it is possible to post HTML </textarea> tag and insert whatever from HTML to javascript code after. Can you give me some advice regarding this problem, please? Can I insert posted data into textarea without \ chars?

Thanks in advance for any suggestion.

+3  A: 

Try it with htmlspecialchars. escapeshellcmd is for a different purpose, namely escaping shell commands.

deceze  2010-08-05 05:53:00
Thanks a lot. That will do. Now I see. Your answer is very helpful. Respect.
 2010-08-05 06:02:59
+2  A: 

Have you tried htmlentities or htmlspecialchars yet?

alopix  2010-08-05 05:53:59
Thanks. That will do. Respect.
 2010-08-05 06:03:25

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?