guyfromfl Posted October 4, 2010 Share Posted October 4, 2010 I am inserting last names into the database using mysql_real_escape_string(), and outputting the data into a textbox using addslashes(). When I try to display O'Brian "O\" is displayed in the text box. The name is saved corretly as O'Brian in the database. I am printing the string like this: echo "<input type='text' value='" . addslashes($customer['lName']) . "' blah blah..."; anybody have any ideas? Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 4, 2010 Share Posted October 4, 2010 addslashes is... adding a slash. my solution is to 1. ALWAYS use single-quotes inside HTML elements. then, 2. I use this function instead of addslashes: function htmlSafe($in_string, $stripslashes = FALSE) { if ($stripslashes === TRUE) { $in_string = stripslashes($in_string); } return htmlspecialchars($in_string, ENT_QUOTES); } note: i send $stripslashes = true when the input is from a form and magick_quotes is turned on. Quote Link to comment Share on other sites More sharing options...
guyfromfl Posted October 4, 2010 Author Share Posted October 4, 2010 Ha wow! that did it! Thanks!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.