"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Wed, 30 Jun 2004 19:02:50 +0200, Torsten Roehr <[EMAIL PROTECTED]> wrote:
> >
> > "Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > I'm using data that goes from the HTML textbox to PHP to MYSQL to PHP to
> > > HTML textbox.  The only trouble I have is to escape the apostrophe character
> > > when it is put into the HTML textbox by PHP (from MySQL).
> > >
> > > --snip--
> > >   echo "<input type='textbox' value='".$value."'>";
> > > --snip--
> > >
> > > I can't use the HTML feature like &quot or something because the "&quot"
> > > would show up in the database...  Any suggestion or advice?
> >
> > You CAN use &quot; - convert your data AFTER getting it from the DB. When
> > you submit the form the &quot; will be automagically converted back to a "
> > in the POST data. I recommend writing a function you run on all data for
> > outputting as HTML with htmlentities().
> >
> > 1. get data from DB
> > 2. convert for valid HTML output (stripslashes(), htmlentities())
>
> You shouldn't need stripslashes when getting something out of the DB.
> You also shouldn't need addslashes when putting it in. quoteSmart() in
> PEAR::DB is a *much* better option.

The last time I tried PEAR::DB 1.6.4 quoteSmart() didn't work for me. It
corrupted my statement. Maybe I should try again ;)

Torsten

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
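
The output-time escaping discussed in this thread, as an added example that is not part of the original messages. The helper name `h()` and the sample value are assumptions made for illustration; the point is that `htmlentities()` needs `ENT_QUOTES` to cover the single-quoted `value='...'` attribute from the question, and that the stored value stays unencoded.

```php
<?php
// Added example: encode only when writing HTML; the database keeps the raw value.

/** Encode a value for use inside an HTML attribute or element body (hypothetical helper). */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '. Before PHP 8.1 the default flag was
    // ENT_COMPAT, which leaves ' alone and so still breaks value='...'.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample value, as it would come back from the database.
$value = "O'Brien said \"hi\" <b>&</b>";

// Form from the question: the apostrophe ends the attribute early and the
// rest of the value is parsed as markup.
$broken = "<input type='text' value='" . $value . "'>";

// ENT_COMPAT only: double quotes are encoded, the apostrophe is not, so a
// single-quoted attribute is still terminated by the data.
$compat = "<input type='text' value='"
        . htmlentities($value, ENT_COMPAT, 'UTF-8') . "'>";

// ENT_QUOTES: every character that could close the attribute is encoded.
$safe = "<input type='text' value='" . h($value) . "'>";

echo $broken, "\n", $compat, "\n", $safe, "\n";

// A browser decodes entities while parsing the attribute, so the form posts
// the original characters. html_entity_decode() stands in for that step here.
$posted = html_entity_decode(h($value), ENT_QUOTES, 'UTF-8');

// Compare what would be posted back with the raw database value.
var_dump($posted === $value);
```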
