I have a text box like ,
<!--<input type="text" maxlength="255" name="$key" value="<?php echo $value;?>" />-->
$value is b'bbb"bbb
But it only shows b'bbb as value.Can any1 help ???
views:
30answers:
2
+3
A:
Properly escape your data that should be displayed unparsed in HTML using htmlentities():
<input type="text" maxlength="255" name="<?php echo htmlentities($key);?>" value="<?php echo htmlentities($value);?>" />
The quote char (") is breaking your code. It could get more dangerous if you've a $value like "><script>alert("xss")</script> (it's called XSS and will pop up an alert box with "xss")
Lekensteyn
2010-09-30 11:12:20
thnaks that worked
2010-09-30 11:23:17
A:
Obviously the " in your $value is breaking the html.
Try echo htmlspecialchars($value);
Damien
2010-09-30 11:13:23