On Wed, 30 Jun 2004 19:02:50 +0200, Torsten Roehr <[EMAIL PROTECTED]> wrote:
> 
> "Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > I'm using data that goes from the HTML textbox to PHP to MYSQL to PHP to
> > HTML textbox.  The only trouble I have is to escape the apostrophe character
> > when it is put into the HTML textbox by PHP (from MySQL).
> >
> > --snip--
> >   echo "<input type='textbox' value='".$value."'>";
> > --snip--
> >
> > I can't use the HTML feature like &quot or something because the "&quot"
> > would show up in the database...  Any suggestion or advice?
> 
> You CAN use &quot; - convert your data AFTER getting it from the DB. When
> you submit the form the &quot; will be automagically converted back to a "
> in the POST data. I recommend writing a function you run on all data for
> outputting as HTML with htmlentities().
> 
> 1. get data from DB
> 2. convert for valid HTML output (stripslashes(), htmlentities())

You shouldn't need stripslashes when getting something out of the DB.
You also shouldn't need addslashes when putting it in. quoteSmart() in
PEAR::DB is a *much* better option.

> 3. output as HTML (into the form elements)
> 4. get POST data
> 5. escape POST data and insert into DB again
> 
> Hope this helps.
> 
> Regards, Torsten Roehr
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
paperCrane --Justin Patrin--
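
The round trip discussed in this thread, as an added example that is not part of either poster's message: the stored value is escaped only at output time with ENT_QUOTES (the ENT_COMPAT flag leaves the apostrophe alone, which matters for a single-quoted attribute), and the browser hands the original text back on submit, so no entity reaches the database. The helper names `attr()` and `browser_submits()` and the sample values are constructed for illustration.

```php
<?php
// Added example. attr() and browser_submits() are hypothetical helper names;
// the sample values below are constructed.

// Escape a value for use inside an HTML attribute. ENT_QUOTES converts both
// " and ', so the result is safe whichever quote delimits the attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Stand-in for the browser: it decodes entities while parsing the attribute
// and sends the decoded text back in the POST body.
function browser_submits(string $html): string
{
    if (!preg_match("/value='([^']*)'/", $html, $m)) {
        throw new RuntimeException('value attribute not found');
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$samples = [
    "O'Reilly",          // the apostrophe case from the question
    'say "hi" & wave',   // double quote and ampersand
    "a' title='b",       // apostrophe followed by text that looks like markup
];

foreach ($samples as $stored) {
    // As in the question: the apostrophe closes the value attribute early.
    $raw = "<input type='text' value='" . $stored . "'>";

    // ENT_COMPAT escapes " but not ', so this attribute is still broken.
    $compat = "<input type='text' value='"
            . htmlspecialchars($stored, ENT_COMPAT, 'UTF-8') . "'>";

    // ENT_QUOTES turns ' into &#039; and the attribute stays intact.
    $safe = "<input type='text' value='" . attr($stored) . "'>";

    // What comes back in POST is the original text, not the entity.
    $posted = browser_submits($safe);

    echo "stored : $stored\n";
    echo "raw    : $raw\n";
    echo "compat : $compat\n";
    echo "safe   : $safe\n";
    echo "posted : $posted ", ($posted === $stored ? "(unchanged)" : "(CHANGED)"), "\n\n";
}
```

The value in `$posted` still has to be quoted for SQL when it is written back, which is the job of the database layer's quoting mentioned in the reply above, not of `htmlspecialchars()`.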
