Thanks for the suggestion Christopher; I was unaware of that format. If you wouldn't mind, could you please explain why it works with regard to the actual code line "<?=htmlspecialchars($data)?>" ? my questions: - what is the = sign assigning the value to; it appears to be a token for echo? - When I tried it I noticed that the = sign cannot have any white space around it; that is, <?=htmlspacialchars(... and not <? =htmlspecialchars(... - I have the web site set up so that the full PHP invocation MUST be used, that is <?php and not <? , yet when I tried this <?php=htmlspecialchars(... doesn't work, I MUST use the short form. Can you suggest somewhere in the manual where this is explained in detail? Thanks in advance. John ============ On Mon, 2021-10-18 at 22:23 +0200, Christoph M. Becker wrote: > On 18.10.2021 at 18:59, John wrote: > > > Solution, forwarded to PHP list: > > ================================ > > > > OK, solved this. > > > > The form input MUST be contained in SINGLE quotes; probably to > > avoid > > being manipulated by the PHP parser. Double quotes or no quotes > > don't > > work. > > > > Example: > > > > <input type="hidden" name="trans" id="trans" value='<?php echo > > $data ?>'> > > > > where $data is the incoming JSON data string. > > > > Thanks for your assistance. > > Thanks for providing a solution, but I suggest to properly entity- > encode > $data anyway, e.g. like > > <input type="hidden" name="trans" id="trans" > value="<?=htmlspecialchars($data)?>"> > > -- > Christoph M. Becker
