"i can't"

[b]code[/b]
$query="SELECT say
FROM test
WHERE
n = 1
" ;
$sql = mysql_query($query);
$row = mysql_fetch_assoc($sql);
$say= $row['say'];

echo $say;

[b]result[/b]

He said "I can't".

The code above produces the result above.

Following are some trials at putting the variable “$say” above into a form input tag, but all trials failed.

[b]trial code1[/b]

$inputSay='<input value="'.$say.'">';
echo $inputSay;

[b]trial result1[/b]

he said

[b]trial code2[/b]

$inputSay="<input value='".$say."'>";
echo $inputSay;

[b]trial result2[/b]

he said "I can

[b]trial code3[/b]

$say=mysql_real_escape_string($say);
$inputSay="<input value='".$say."'>";
echo $inputSay;

[b]trial result3[/b]

he said "\\"I can\\

How can I get the following target result exactly in an input tag?

[b]target result[/b]

he said "I can't".

Use addslashes() instead


$inputSay = '<input value="' . htmlspecialchars($say) . '">';
echo $inputSay;

This outputs nothing because the above is equivalent to:

<input value=""I can't"">

The first double quote closes the value attribute.

The above parses to the following:

<input value='"I can't"' />

The single quote closes the value attribute, hence why you’ve only received the value of "I can

mysql_real_escape_string() should only be used for input into your database, not for output. HTML cannot escape special entities by preceding them with a backslash, which is why your message stops at the first single quote found (closing the value attribute).

So what’s the solution? Using the function htmlentities() or htmlspecialchars() to translate HTML equivalents into those entities to ensure they don’t conflict with the pre-existing HTML code.


$say = htmlentities('"I can\'t"');
$inputSay = '<input value="'.$say.'" />';
echo $inputSay;
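
The following is an added example, not code from any poster in this thread. It builds the input tag from the thread's trials with and without encoding, then parses each result to show which value the attribute actually ends up with. The string in $say is a constructed stand-in for the database row, the helper names attr() and parsedValue() are hypothetical, and the DOM extension is assumed to be enabled.

```php
<?php
// Constructed sample value standing in for $row['say'] from the thread.
$say = 'He said "I can\'t".';

// Encode a string for use inside an HTML attribute value.
// ENT_QUOTES converts both " and ', so the result is safe whichever
// quote character delimits the attribute. Before PHP 8.1 the default
// flag was ENT_COMPAT, which leaves single quotes untouched.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse the markup with an HTML parser and return the decoded value
// attribute of the first <input>, i.e. what the form field would hold.
function parsedValue(string $html): string
{
    libxml_use_internal_errors(true); // malformed trial markup is expected
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$variants = [
    'raw, double-quoted (trial 1)' => '<input value="' . $say . '">',
    'raw, single-quoted (trial 2)' => "<input value='" . $say . "'>",
    // Explicit ENT_COMPAT reproduces the pre-8.1 default behaviour.
    'ENT_COMPAT, single-quoted'    => "<input value='" . htmlspecialchars($say, ENT_COMPAT) . "'>",
    'attr(), double-quoted'        => '<input value="' . attr($say) . '">',
    'attr(), single-quoted'        => "<input value='" . attr($say) . "'>",
];

foreach ($variants as $label => $html) {
    $value = parsedValue($html);
    printf(
        "%s\n  markup: %s\n  parsed: %s [%s]\n",
        $label,
        $html,
        $value,
        $value === $say ? 'intact' : 'truncated'
    );
}
```

Only the two attr() variants should report the value as intact; the ENT_COMPAT variant is still cut off at the apostrophe because the attribute is delimited by single quotes.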