Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 7 of 7
  1. #1
    Senior Member tekp's Avatar
    Join Date
    Jan 2004
    Location
    A small village near a small city near a small cit
    Posts
    918
    Member #
    4667
    Liked
    1 times
    Whenever I have a " inside a property in HTML:

    <input value="d\"d\"d\"" />

    It thinks the value ends at "d\", right? How can I avoid this in PHP? Would I have to convert all of the " to their ASCII equivalent?

    If so, if the form is submitted through a form with action="post" what will happen to the ASCII codes? Will they still be in code form at the other end or not? I.e. would &lt; still be "&lt;" or would it be "<" after the submitting of the form and the receiving on the other end?
    tekp :cheeky: tekponline.com

  2.  

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,715
    Member #
    5580
    Liked
    717 times
    It's how you use "single quotes" that really affects it ...

    This might explain it better that I can in words:

    Take this form:

    <form action='test.php' method='post'>
    <input type='hidden' name='test1' value='d\"d\"' />
    <input type='hidden' name='test2' value='d"d"' />
    <input type='text' name='test3' value='"Hello There!"' />
    <input type='submit' name='submit' value='submit' />
    </form>


    Then create a PHP script called "test.php" ...

    <?php
    $test1=stripslashes($_REQUEST['test1']);
    $test2=stripslashes($_REQUEST['test2']);
    $test3=stripslashes($_REQUEST['test3']);
    echo "test1: $test1 <br>\n";
    echo "test2: $test2 <br>\n";
    echo "test3: $test3 <br>\n";
    ?>


    Now, run it ...
    And see how it handles the double quotes.

    This is the output:

    test1: d\"d\"
    test2: d"d"
    test3: "Hello there!"



    If you enter this is the text box: <"Hello There">
    the result of test3 will be: ""
    But, if you view the source code, you'll see it's there.
    It just won't display on the browser because the < and > came
    across as < and > not &lt; or &gt;

    You can strip all HTML with "strip_tags()", or you could use "str_replace()"
    to convert to &lt; and &gt; ... a couple of options there.




    .


  4. #3
    Senior Member tekp's Avatar
    Join Date
    Jan 2004
    Location
    A small village near a small city near a small cit
    Posts
    918
    Member #
    4667
    Liked
    1 times
    But I had a value that was placed in a hidden field:

    Code:
    <input type="hidden" name="name" value="<? print $value; ?>" />
    and

    PHP Code:
    $value "d\"ddd\"ddd"
    for example. Then the HTML would read:

    Code:
    <input type="hidden" name="name" value="d\"ddd\"ddd" />
    But HTML doesn't escape the "s with the \, and so the value property of the element wouldn't work correctly, do you see..?

    I.e. it's not the PHP side I'm having a problem with, it's the HTML side of it
    tekp :cheeky: tekponline.com

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,715
    Member #
    5580
    Liked
    717 times
    Did you try this yet (with single quotes) ... and = instead of print?

    <input type='hidden' name='name' value='<?=$value; ?>' />


  6. #5
    Senior Member tekp's Avatar
    Join Date
    Jan 2004
    Location
    A small village near a small city near a small cit
    Posts
    918
    Member #
    4667
    Liked
    1 times
    I didn't try it with = instead of print, what does that do?

    And even if I did use single quotes if there were single quotes in the string it would give the same problem :/
    tekp :cheeky: tekponline.com

  7. #6
    Senior Member tekp's Avatar
    Join Date
    Jan 2004
    Location
    A small village near a small city near a small cit
    Posts
    918
    Member #
    4667
    Liked
    1 times
    Ahh never mind!

    I found I could just replace " with &quot; in the string, it's fine

    Thank you anyway!
    tekp :cheeky: tekponline.com

  8. #7
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    Yes, that's correct. [minicode]&quot;[/minicode] is the appropriate HTML entity for ", just like [minicode]&amp;[/minicode] is the one for &. Use these whenever you want to use the " and & *characters*, use the normal versions whenever you need those characters for actual HTML.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 07:32 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com