Angelo Zanetti wrote:
Hi all.
I have a situation where people enter values into a textfield which can
include the following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16 -
17 _ 18
now once they move to another page and then come back to the page where
the textfield is I echo out the value they previously entered, from a
session variable. When the values are saved in a session
variable I addslashes and when I echo I stripslashes, however because of
the " double quote it screws up my page, because the textfield's value
is escaped prematurely.
<input name="subject" type="text" class="textbox" id="subject4"
value="<?php
if (isset($_SESSION['subject']))
echo stripslashes($_SESSION['subject']);
?>" size="90" maxlength="250"
onBlur="writeSubject();">
do this:
echo htmlentities($_SESSION['subject'], ENT_QUOTES);
stripslashes() and addslashes() are for dealing with the nightmare that is
known as 'magic quotes' - and are not to be used to escape output (there is probably
a caveat but I can't think of one).
now I'm not sure how to display the results because if I set the value to
either value=' or value=" and the actual value has a ' or a "
respectively it's going to escape the value of the textfield and cause
issues... are there any pointers or if someone can make a suggestion??
thanks..
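The fix suggested in the reply, shown as an added example that is not part of the original thread: it renders the same field with and without output encoding, then parses the markup to see what value the field actually ends up holding. `$subject` is constructed sample input standing in for `$_SESSION['subject']`, and `render_unescaped()`, `render_escaped()` and `parsed_value()` are hypothetical helper names.

```php
<?php
// Added example (not from the original thread). $subject is constructed sample
// input standing in for $_SESSION['subject']; the helper names are hypothetical.
$subject = 'He said "hi" & it\'s <b>5 % off</b>';

// The thread's original approach: the raw value goes straight into the attribute.
function render_unescaped(string $value): string
{
    return '<input name="subject" type="text" value="' . stripslashes($value) . '" size="90">';
}

// The reply's fix: encode for HTML at output time. ENT_QUOTES converts both
// " and ', so the markup holds whichever quote delimits the attribute.
function render_escaped(string $value): string
{
    return '<input name="subject" type="text" value="'
        . htmlentities($value, ENT_QUOTES, 'UTF-8') . '" size="90">';
}

// Parse the markup with an HTML parser and return what the field holds.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // tolerate the broken markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$variants = [
    'unescaped' => render_unescaped($subject),
    'escaped'   => render_escaped($subject),
];
foreach ($variants as $label => $html) {
    $value  = parsed_value($html);
    $status = $value === $subject ? 'round-trips intact' : 'cut off at the first quote';
    printf("%-9s markup: %s\n", $label, $html);
    printf("%-9s field : [%s] (%s)\n\n", $label, $value, $status);
}
```

The same encoding step is what keeps user-supplied text from closing the attribute and injecting its own markup or event handlers, so it belongs on every value echoed into HTML, not only on fields where quotes are expected.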