Do you understand the BNF language ?
Otherwise there is nothing to understand except that these are the technical specifications of the xml format.
Best Regards,
Le lun. 29 nov. 2021 à 02:41, John <john.iliffe@xxxxxxxxx> a écrit :
Thank you very much for your reply. Yes, addslashes() didn't resolve
the problem.
I am still trying to figure out why this should be an HTML issue since
the echo command is only trying to place a known correct string in a
specific place in the HTML statement. I would have expected
everything to be correct here with maybe a problem when I pick up the
input later.
I'm reading the documentation for both of htmlspecialchars() and
htmlentities() to try and figure it out since I want to understand the
situation.
Thank you for your help.
John
==========
On Sun, 2021-11-28 at 21:53 +0000, AllenJB wrote:
> Tip of the day: addslashes() is almost always the wrong function to
> use
> for escaping output.
>
> You need to escape output for the specific format you're outputting
> to,
> so in this case html.
>
> In native PHP this can be done using htmlentities().
>
> If you are using single quotes for HTML attributes, if you're not
> using
> PHP 8.1+ you'll want to explicitly specify the ENT_QUOTES flag.
>
> For further information and examples see the manual:
> https://www.php.net/htmlentities
>
> Many frameworks and templating libraries will provide their own
> version,
> or you can write your own custom function, that has a nice short
> name
> and allows you to change the defaults to htmlentities() everywhere
> you
> use it in one go.
>
> On 28/11/2021 21:35, John wrote:
> > I have an application where the user enters a name which is
> > subsequently passed to another PHP script for validation using
> > JSON.
> > If the user's name is, eg O'Toole, then the initial PHP script
> > accepts
> > it correctly, the JSON format passes it correctly and if I just do
> > a
> > display of the received JSON block it is correct, but when I put
> > it
> > into the <input> element of a form for validation everything to
> > the
> > right of the ' gets dropped.
> >
> > I have tried addslashes() and that results in: 'O'Toole' --> 'O\'
> >
> > The specific lines of code:
> >
> > -------
> >
> > echo $addrdec['address']['city']; <-- result of associative array
> > recovered correctly from JSON coding
> >
> > results in "St John's"
> >
> > -------
> >
> > echo "<input type=text name=rcity id=rcity length=32 size=20
> > value='"
> > . addslashes($addrdec['address']['city']) . "'></input>  ";
> >
> > results in display "St John\"
> >
> > Looking at the page source that resulted from this the value part
> > of
> > the element (Firefox won't let me copy it directly):
> >
> > .... size="20" value="St John\" s'="">
> >
> >
> > -------
> >
> > and if I don't use addslashes the value becomes 'St John',
> > truncating
> > the 's' following the apostrophe. Frankly, I would have expected
> > a
> > syntax error if the ' were being used to close the literal but
> > that
> > doesn't happen.
> >
> > Looking at the page source that resulted from this the value part
> > of
> > the element (Firefox won't let me copy it directly):
> >
> > .... size="20" value="St John\" s'="">
> >
> > How can I resolve this?
> >
> > Thanks in advance.
> >
> > John
> > ============
