Thanks.. i solved it but not with that solution.. ill give a try with it.. the way i solved was using ereg_replace before storing in the db and chnging the ' and " with the html characters as you mention with htmlentities()
Thank you all for the responsees!..... "John W. Holmes" <[EMAIL PROTECTED]> wrote in message 000101c2a903$4672cd40$7c02a8c0@coconut">news:000101c2a903$4672cd40$7c02a8c0@coconut... > > WEll for example i got this: > > In a field called name i write a name with single quotes for example > > 'Alex' > > and click submit... in the verify.php i store the data i filled in the > > form.php that contains name, surnmane,etcetc... > > > > so when i save my data to the db i use the addslashes($name) in this > > case... > > and the i look up the database and i see that the valeu oin my db for > name > > is like i wrote it in this cas 'Alex'.. that's perfect.. but when i > try to > > retrieve the user data in another page for example change_user.php i > want > > to > > retrive the user name and show it in a text box but it doesnt show > up.. > > and > > i have this code: > > <td><input type='text' name='name' value='".stripslashes($userName)."' > > ></td> > > I thought this was already covered today? First, you don't need > stripslashes() on the data when you pull it from the database unless you > have magic_quotes_runtime enabled. Second, slashes mean nothing in HTML. > It doesn't recognize them as escape characters. The reason your data > isn't appearing is because it's coming out with a value like > value=''Alex'', which HTML sees as a value of '' and ignores the rest of > the data and an unrecognized attribute. > > Finally, what you need to do is use htmlentities() or htmlspecialchars() > on $userName before you place it between the quotes. This will give you > a value of value='"e;Alex"e;', which will display correctly with > HTML. > > ---John W. Holmes... > > PHP Architect - A monthly magazine for PHP Professionals. Get your copy > today. http://www.phparch.com/ > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
