1

Sounds very simple, but I'm kinda confused at the moment.

I have this DB object which includes some values that I want to output in an html form.

Simplified Problem: $result is my db object and this is the html input where I want to output some text which can include double or single quotes.

<input class="someclass" name="desc" id="descID" type="text" value="<?=$result['desc'];?>" placeholder="<Description>" />

So if $result['desc'] contains text like this: 'Did you hear about "foobar"?' everything after the first double quote gets cut off and ends up like this: 'Did you hear about '.

What i have tried already without success:

  • htmlspecialchars like this value="<?=htmlspecialchars($result['desc']);?>" or like this value="<?=htmlspecialchars($result['desc'], ENT_QUOTES);?>"

  • addslashes

Note: My DB(mssql) saves the string properly. Only have the problems in my html.

I would be glad if you could help me out here. Thanks.

Improve this question
5
  • Just for kicks, have you also tried htmlspecialentities? Commented Mar 1, 2016 at 13:30
  • 1
    <?php $t = 'Did you hear about "foobar"?'; ?> <input class="someclass" name="desc" id="descID" type="text" value="<?= htmlspecialchars($t);?>" /> work likes charm!! Commented Mar 1, 2016 at 13:32
  • These double quotes around foobar were inserted like this in your DB? If so, escape them before displaying the string. Commented Mar 1, 2016 at 13:49
  • ok so i tested those, and the solution of @Parixit seems to work, BUT only if i actually type <?php $t = 'Did you hear about "foobar"?'; ?>. i tried <?php $t = $result['desc']; ?> and it didn't work Commented Mar 1, 2016 at 13:49
  • @EddeAlmeida my DB saves the text literally as Did you hear about "foobar". And your suggestion is exactly what I'm trying to do here. Commented Mar 1, 2016 at 13:58

2 Answers 2

Reset to default
1

Thanks for the help so far, but i managed to find a solution to this:

<?$descEscaped = str_replace('"', '&quot;', $result['desc']);?>

<input class="someclass" name="desc" id="descID" type="text" value="<?= htmlspecialchars($descEscaped);?>" />
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

htmlspecialchars replaces quotes with "&quot;".
I am using my simple function htmlliteral:

function htmlliteral($s){
     return '"'.htmlspecialchars($s).'"';
}

With this function you can use:

$descEscaped = htmlliteral($result['desc']);
print "<input class=someclass name=desc id=descID type=text value=$descEscaped />";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.