> WEll for example i got this: > In a field called name i write a name with single quotes for example > 'Alex' > and click submit... in the verify.php i store the data i filled in the > form.php that contains name, surnmane,etcetc... > > so when i save my data to the db i use the addslashes($name) in this > case... > and the i look up the database and i see that the valeu oin my db for name > is like i wrote it in this cas 'Alex'.. that's perfect.. but when i try to > retrieve the user data in another page for example change_user.php i want > to > retrive the user name and show it in a text box but it doesnt show up.. > and > i have this code: > <td><input type='text' name='name' value='".stripslashes($userName)."' > ></td>
I thought this was already covered today? First, you don't need stripslashes() on the data when you pull it from the database unless you have magic_quotes_runtime enabled. Second, slashes mean nothing in HTML. It doesn't recognize them as escape characters. The reason your data isn't appearing is because it's coming out with a value like value=''Alex'', which HTML sees as a value of '' and ignores the rest of the data and an unrecognized attribute. Finally, what you need to do is use htmlentities() or htmlspecialchars() on $userName before you place it between the quotes. This will give you a value of value='"e;Alex"e;', which will display correctly with HTML. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
