I noticed if you enter escaped double quotes within a string into a table and then retrive that string back to a test box in an HTML form, the first quote and all to the right don't show up. Like this example:

<?php
$s = "this is a \"test\"";
?>
<input type="text" value="<?= $s ?>" /><br />
    <?= $s ?> 

Outside the text box the string looks like this: this is a "test".
Inside like this: this is a
How can I display the double quotes in the text box?

<?php

$s = "this is a \"test\"";

?>
<input type="text" value="<?php echo htmlspecialchars( $s ) ?>" /><br />
<?php echo $s ?> 

you can read here what function [man]htmlspecialchars/man does

<input type="text" value="<?php echo htmlspecialchars( $s ) ?>" /><br />

Won't that output &quot: in a text box?

Yes, in the HTML source code,
but &quot; is displayed " by the browser.

Won't that output &quot: in a text box?

As I feared

Thanks for your sugestion halojoy!

The alternative would be to escape the quote in the HTML with a backslash.

bradgrafelman wrote:

The alternative would be to escape the quote in the HTML with a backslash.

Not in this case, unless HTML now allows backslashes to be used as an escaping mechanism, but I do not recall that ever being the case.

reddrum;10937526 wrote:

Won't that output &quot: in a text box?

[man]htmlspecialchars[/man] we use at code we will display, in a page
Because this string will be executed by HTML.
But the string we will use for things in the php code only
we keep can as it is: "this is a \"test\""

Otherwise certain chars may corrupt the output, and cause such a thing as you show in first post.
< > " & are used for special things inside HTML.
This tells HTML how to execute. What is TAG and ATTRIBUTES.
As you can see in this little example:

<input type="text" name="email" value="&nbsp;hello">

But the string we will use for things in the php code only
we keep can as it is: "this is a \"test\""

reddrum;10937526 wrote:

Won't that output &quot: in a text box?

The Firebug extension for Firefox has a really convenient mechanism for testing questions like this: an HTML editor. Open a blank page (otherwise you'll be editing the page you're looking at), open the editor, and type something like

<input type="text" value="this has &quot;double-quotes&quot; in it" size="40"/>

and see how that appears in the page.

This is what I tried:

$strFromDB = htmlspecialchars(stripslashes($strFromDB));
<input type="text" name="strFromDB" value="<?= $strFromDB ?>">

That prints the &quot; and not ". The variable is from a field in a Postgres database.

and Merry Christmas all!

reddrum wrote:

That prints the &quot; and not ". The variable is from a field in a Postgres database.

That implies that the data itself is stored in escaped form with respect to HTML. This would indicate either a bug in the processing prior to storage, or it is intentional. For the latter case htmlspecialchars() should not be used in your example (but this has the disadvantage of being rather inflexible if you want to present the data in some other context).

By the way, you should not be using stripcslashes() on $strFromDB. You should also avoid using short open tags.

stripcslashes was a typo, am using stripslashes and the data is stored in escaped form which leads me back to my orginal problem, that after striping slashes and echoing the result to the text box everything to the right of the first quote is missing.

reddrum wrote:

stripcslashes was a typo, am using stripslashes

You also should not be using stripslashes() as there is no reason to do so, and in fact it could corrupt your data. If you want to remove backslashes because you think that some database escaping mechanism added them when you were storing the text to the database, then consider why you write this in PHP:

echo "this is a \"test\"";

instead of:

echo stripslashes("this is a \"test\"");

after all... wouldn't those backslashes be printed if you didn't use stripslashes()?

reddrum wrote:

and the data is stored in escaped form which leads me back to my orginal problem, that after striping slashes and echoing the result to the text box everything to the right of the first quote is missing.

If the data is stored in escaped form with respect to HTML, then your original problem should not have been observed.

I suggest that you try this:

<input type="text" value="this is a &quot;test&quot;" />

The above would verify to you that what has been said about the use of htmlspecialchars() is correct. So, the problem must be due to a failure to use the function (or htmlentities()) correctly.

You are correct laserlight I was not using stripslashes correctly.
This worked:

$strFromDB = stripslashes($strFromDB);
$strFromDB = htmlspecialchars($strFromDB);

Thank you all for your help!!

reddrum wrote:

You are correct laserlight I was not using stripslashes correctly.

Eh, I am saying that the use of stripslashes is incorrect in this context.

reddrum wrote:

This worked:

Now try this:

$strFromDB = htmlspecialchars($strFromDB);