Here's a frustrating one...
We have a form generated by a PHP script that takes a value from a database field and loads it into an HTML field using the "print" function:
print "<input value=\"$my_happy_var\">";
$my_happy_var can contain both single and double quotes at the same time:
$my_happy_var = We're "THE BEST" company in the world!
What ends up happening is when my edit form calls up $my_happy_var from the database, it ends up showing up in the HTML field I am outputting like:
We're
If I add slashes, it appears like this:
We're \
I am using ereg_replace at the moment to convert double quotes into single quotes on $my_happy_var so that the value gets displayed like this:
We're 'THE BEST' company in the world!
The script that saves this value back to the database will save it like this though, thus killing the double-quotes (having turned them into single quotes). It is imperative that this information gets saved back the way the user intended though (meaning if there are double-quotes, they need to be retained).
Of course this is the only form field out of like 30 on the form itself that has this issue, and the data in this field is only edited like 33% of the time the edit script is called (so if the original site user enters in lots of single and double quotes in the my_happy_var field originally, the double quotes get altered even if the editing user isn't changing anything in that field on the edit form).
What I would like help with is:
- Is there a way to display single/double quote-containing database data in an HTML input box without having to ereg_replace the data first, thus maintaining the single/double quotes?
I have magic_quotes_gpc ON, but not magic_quotes_runtime or _sybase.
Thanks!
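
The behaviour described in the post, next to output escaping for the HTML attribute context, as an added example that is not part of the original post. The function names render_naive, render_escaped and browser_value are hypothetical, the sample value is constructed from the one in the post, and browser_value is only a rough stand-in for how a browser reads a double-quoted attribute.

```php
<?php
// Added example; function names are hypothetical, not from the original post.

// Constructed sample value, as it would come back from the database.
$my_happy_var = 'We\'re "THE BEST" company in the world!';

// The pattern from the post: the value is interpolated as-is, so the first
// double quote inside the data closes the value="..." attribute early.
function render_naive($value) {
    return "<input value=\"$value\">";
}

// Escape for the HTML attribute context. ENT_QUOTES encodes both " and ',
// so the data cannot terminate the attribute whichever quote style is used,
// and stored data cannot add attributes or markup of its own.
function render_escaped($value) {
    return '<input value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Rough stand-in for the browser: read the attribute up to the closing
// double quote, then decode entities. The decoded text is what the field
// displays and what is sent back when the form is submitted.
function browser_value($html) {
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$naive   = render_naive($my_happy_var);
$escaped = render_escaped($my_happy_var);

// Markup sent to the browser in each case.
echo $naive, "\n";
echo $escaped, "\n";

// What the field would hold in each case.
var_dump(browser_value($naive));
var_dump(browser_value($escaped));

// The escaped form round-trips: the stored text is never modified, only
// its representation in the page, so no quote replacement is needed.
var_dump(browser_value($escaped) === $my_happy_var);
```

A backslash is not an escape character in HTML, which is why adding slashes only moves the cut-off by one character. With magic_quotes_gpc on, the slashes PHP adds to the submitted value are a separate, input-side matter from this output escaping.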