Hi,

I have the following :-

$main.="<input name='title' type='text' size='40' value='".$title."'>"

Now this is fine until the value of title is something like:-
$title="when they're going to be here";

All that is displayed in the Form text field is:
when they

The value of $title actually comes from a mySQL db.

I wan't the user to see exactly what they originally type in the form, so they can modify it. How do I get this text field to display the full line :
when they're going to be here

I'm sure I should be doing an addslashes or something, but I just cant get the line to display correctly in the text field.

Thanks in advance

Keith


Hi Keith

I'm a bit rusty with PHP, but I think you are on the right lines because its cutting off the string at the ' in they're.

Try using the addslashes function (when you originally input the data into the mysql db) see if that gets you over the problem (Don't forget to use stripslashes function when getting the information out)

Like I said I'am rusty if that doesn't work, there are bigger and uglier peole on the board who will point you in the right direction.... there's Graham as well...

Hope this helps.

This is how I remember it:



Reading from a form - call stripslashes but ONLY if your server is configured with magic quotes set on (that's the default).  This prevents quotes entered by the user having a backslash in front of them.

Saving to a database - call addslashes which ensures that the 4 special characters that can't be otherwise passed in within your SQL get escaped as appropriate.

Reading back from a database - no action to take since you've lready saved the data cleanly.

Outputting back to the browser (and this INCLUDES echoing back as the value in a text string) - htmlspecialchars which converts < to < and (answering Keith's original query) " to ".


Thanks Graham and Chris,

Chris, I  had tried addslashes, but it didn't help.

Graham, I know PHP addslashes by default (when magicquotes is on) to form data.

The data I am showing is from MySQL, not directly from a form, so the stripslashes and addslashes part seems to be irrelevant.
It's saving fine in mySQL eg; i can pull it back out and echo $title;
and I get:-
when they're going to be here

It's just the form value thing that's the issue.

So all I need to do is use htmlspecialchars

Or am I not understanding something here!?

on 02/02/06 at 23:14:40, keith wrote:

So all I need to do is use htmlspecialchars Or am I not understanding something here!?

Nope, I think that's all you need then.

Ah!

With a bit of swapping from Single Quotes to Double Quotes and vice-versa, it worked like a charm.

Many thanks

Keith

---