Angelo Zanetti wrote:
Jochem Maas wrote:
Angelo Zanetti wrote:
Hi all.
I have a situation where people enter values into a textfield that can
include the following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16 - 17 _ 18
Now once they move to another page and then come back to the page
where the textfield is, I echo out the value they previously entered
from a session variable. When the values are saved in a session
variable I addslashes and when I echo I stripslashes; however,
because of the " double quote it screws up my page, because the
textfield's value is escaped prematurely.
<input name="subject" type="text" class="textbox" id="subject4"
value="<?php
if (isset($_SESSION['subject']))
echo stripslashes($_SESSION['subject']);
?>" size="90" maxlength="250"
onBlur="writeSubject();">

do this:
echo htmlentities($_SESSION['subject'], ENT_QUOTES);
stripslashes() and addslashes() are for dealing with the nightmare that is
known as 'magic quotes' - and are not to be used to escape output (there is
probably a caveat but I can't think of one).

Thanks, it works well, but now say the user has entered: My "FIrst" book
It gets returned as My \"FIrst\" book. Is there a way for it to be
returned as it was originally entered?
Thanks again!

Read here...
http://us3.php.net/manual/en/security.magicquotes.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
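
The advice in this thread, put together as an added example (not code from any poster): undo magic-quotes slashes once when the value is read, keep the raw text in the session, and escape with htmlentities(..., ENT_QUOTES) only when writing the attribute. The helper names, the use of $_POST['subject'] in the comment, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. magic_quotes_active(), normalize_input(), attr() and the
// sample values are hypothetical names and constructed data.

// True only on old PHP builds where magic_quotes_gpc is switched on.
// The function was removed in PHP 8.0, so its absence means "off".
function magic_quotes_active(): bool
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo magic-quotes slashes once, at input time, so the session keeps
// exactly what the user typed. No addslashes() before storing.
function normalize_input(string $value, bool $magicQuotes): string
{
    return $magicQuotes ? stripslashes($value) : $value;
}

// Escape for an HTML attribute at output time only.
function attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: [value as PHP received it, magic quotes active?]
$cases = [
    ['My \\"FIrst\\" book', true],   // slashes were added by magic quotes
    ['My "FIrst" book', false],      // same text, magic quotes off
    ['13 " 14 \' 15 ? <b> & 8', false],
];

foreach ($cases as [$received, $magicQuotes]) {
    // In a real page (assumed form field):
    //   normalize_input($_POST['subject'], magic_quotes_active())
    $stored = normalize_input($received, $magicQuotes);
    printf(
        "<input name=\"subject\" type=\"text\" value=\"%s\">\n",
        attr($stored)
    );
}
```

The first two cases produce the same attribute value, which is the point: the slashes are removed where they were introduced, and the quotes are entity-encoded only at the moment they are written into HTML.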