We spend a lot of time ensuring users can't put code into a form input. But I actually want to do this, and have it appear in the $POST array after submit. I can get it to display in the Input, but the $POST element is always blank.
The data starts in MySQL, where (in my case) it's more convenient to save an entire HTML string:
<img class='logo2' src='/graphic/thistlew2010.gif' />
than just the image name. (This is because it's relatively rare for this DB field to contain anything, and when it does both the class and the image name can vary).
I can get the HTML string to display in a text input (with or without 'htmlspecialchars' and/or 'strval'), but no matter what I try, when I submit the form, the content of this variable is always blank. If I substitute a plain text string there's no problem, so I think it must be to do with the HTML, the single quotes or the forward slashes.
Can anyone offer a suggestion, please ?