Very strange double quote problem in forms

afridy · September 20, 2011, 4:38pm

Hai folks,

i have a form field name ‘title’. now user enters the following in to this field :
17" LCD monitor
when the form is posted, i get :

$title=$_POST['title']

result :
17\" Black LCD

now this value again need to be inserted in to another form

<input name="title" type="hidden" id="title" value="<?php echo $title; ?>" />

now what i receive when posted this form is : 17

i just want the 17\" Black LCD

kreut · September 20, 2011, 5:47pm

Hello!

If you actually write out what you’re echoing, I think that you’ll see the issue:

<input name="title" type="hidden" id="title" value="17\\" Black LCD" />

Can you see how the quote makes the value seem like it’s 17\? One thing that you could do is use htmlentities to change the first post (with &quot instead of " you won’t run into the problem!), and then use html_entity_decode to undo the operation. If you check out the first example here:

http://php.net/manual/en/function.html-entity-decode.php

it will give you a good idea how to do this.

Hope this helps…

-Eric

afridy · September 20, 2011, 6:34pm

kreut:

Hello!

If you actually write out what you’re echoing, I think that you’ll see the issue:
<input name="title" type="hidden" id="title" value="17\\" Black LCD" />
Can you see how the quote makes the value seem like it’s 17\? One thing that you could do is use htmlentities to change the first post (with " instead of " you won’t run into the problem!), and then use html_entity_decode to undo the operation. If you check out the first example here:

http://php.net/manual/en/function.html-entity-decode.php

it will give you a good idea how to do this.

Hope this helps…

-Eric

Thanks kreut for the reply,
ill read about htmlentities. seem this will help!

kreut · September 20, 2011, 6:43pm

You’re welcome! And if it doesn’t make sense, feel free to post again. Also, not to add another bag of worms, but it seems that you have magic quotes turned on php.net/manual/en/security.magicquotes.php (this is the reason for the added slash). You might want to read up on this feature that will soon be deprecated in PHP and consider turning magic quotes off in your ini file or perhaps use a more updated version of PHP.

afridy · September 21, 2011, 6:25am

Hai mate,

turning off the magic quotes really helped to get rid of that \ charactor.

but i could not get away with the second form submission

<input name="title" type="hidden" id="title" value="<?php echo $title; ?>" />

i tried your html_entity_decode suggession. result is same : 17

<input name="title" type="hidden" id="title" value="<?php echo html_entity_decode($title); ?>" />

DarthGuido · September 21, 2011, 6:29am

You do not want to decode, but to encode: http://php.net/htmlentities

afridy · September 21, 2011, 6:37am

works charm!!!

t name="title" type="hidden" id="title" value="<?php echo htmlentities($title); ?>" />

Thanks guido and kreut for the kind help!!

kreut · September 21, 2011, 2:33pm

My apologies: I should have been clearer. In the decode example on the webpage that I sent you to, the first step was to use htmlentities. In retrospect, I should have just sent you to the htmlentities page as guido did. However, it looks like guido cleared it up for you.

Anyway, at least I helped with the magic quotes.

Cheers!

afridy · September 21, 2011, 3:01pm

np mate. i never know about this magic quotes before you mention. was a great help.