single and double quotes in form validating

**hiptobesquare** · 10-26-2007, 04:09 PM

Hi

I have a form in which i want the user to be able to enter single quotes (mary's chicken's), this is no problem and the form submits as it should.

However, if, on my handing page an error is discovered and i need to redirect the user to the form again, how would i enable the full string of the entered data (mary's chicken's said) to automatically load up in the input box.

PHP Code:


			
$_SESSION[mary]="mary's chicken's";



<input type='text' value='<?PHP echo $_SESSION[mary];?>' name='mary'>

will output

HTML Code:

<input type='text' value='mary' name='mary'>

I could obviously in this case use double quotes to surround the relevant variables, but then im stuck with the same issue if my user decides to use double quotes.

Is this just a flaw in programming which i have to live with ? Id really like to figure out a way around it.

Thanks in advance, mark

**NullPointer** · 10-26-2007, 04:52 PM

You can always escape your quotes.

PHP Code:


			
<?

echo '\''; 

?>

This will output '

**lizciz** · 10-26-2007, 07:20 PM

Couldn't you just use double quotes in your input tags, as you mentioned? This would mean that all single quotes were displayed correctly and you could easily replace all double quotes with ". I think that would work.
(Or simply escape all quotes, as NullPointer wrote.)

**mgraphic** · 10-26-2007, 08:00 PM

Quote:

Originally Posted by lizciz

Couldn't you just use double quotes in your input tags, as you mentioned? This would mean that all single quotes were displayed correctly and you could easily replace all double quotes with ". I think that would work.
(Or simply escape all quotes, as NullPointer wrote.)

As said above, this is the typical way that most php web scripts are written. All html form tags use double quotes for the attribute values, and the var output is converted into html entities like this:

<input type="text" value="<? echo htmlentities($_SESSION['mary']); ?>" name="mary" />

**Foundationflash** · 10-28-2007, 06:01 AM

Mary's chicken's what? What is it that Mary's chicken has? Just kidding of course...

**funky86** · 10-28-2007, 08:11 AM

Hello!

I also have problems with quotes.

I have a html page with textarea in a submit form. When I type into the textarea this line for example:
test: "name"

... and then post it to a php script, I get there this line:
test: \"name\"

It's happening even if I echo the data through the htmlspecialchar($data, ENT_QUOTES) function call.

How get rid of this?

Thanks!

**colbyt** · 10-28-2007, 08:17 AM

Quote:

echo stripslashes($str);

or whatever you are using to print it to the screen.

**hiptobesquare** · 11-02-2007, 06:10 AM

thanks nullpointer, but that will only only escape quotes for entering mysql into th db, and not, as i require escape them in html output. lizciz and mcgraphic, thats exactly what i was looking for- htmlentities.

Thanks eveyone

**funky86** · 11-02-2007, 06:18 AM

Oh and colbyt, thanks for your help. This solved my solution

.

**funky86** · 11-02-2007, 06:22 AM

.. I mean problem ;D.