I have a textarea that is part of a form that submits to a PHP file.
The problem is that when an apostrophe (’) is entered into the textarea, the corresponding REQUEST variable in PHP turns up empty ($_REQUEST['description']). If there is no apostrophe, the $_REQUEST['description'] contains the textarea text as intended. Entering punctuation like single quotes and double quotes also works but an apostrophe does not. The same problem occurs for <input type="text"></input> as well. Is there any way to fix that?
Try this
HTML code
<form action="cible.php" method="POST">
Group name: <input type="text" name="user">
<input type="submit" value="Submit">
</form>
PHP:
<?php
$groupname = htmlspecialchars($_POST['user'], ENT_QUOTES);
echo $groupname;
?>
It works fine for me.
Do you have magic quotes enabled in your PHP config? Try disabling it.
Related
I have a problem with an input type text.
The value of the field is affected by PHP, like this:
<input type="text" class="form-control" name="ClientName" id="ClientName" value="<?php echo strtoupper($Client['name']).' '.trim($Client['surname']); ?>" />
Each time, I have a space added at the end of the string, so when I save data in my DB with the htmlentities() function, I have for example:
NAME Surname
I tried a lot of things, and I'm sure my data from PHP doesn't have a space at the end. When I save data in the DB, I make a TRIM on this input.
I can't remove this space and I don't know where it comes from!!
Do you have any idea?
Thanks
I am trying to remove the special characters during form submission in PHP. Every time I want to submit data, for example:
<form action="?" method="get">
<input type="text" name="str" value="I want to remove this" />
</form>
the output in the browser looks like this
http://localhost/?str=I+want+to+remove+this
Is there any way that we can get rid of those "+" before submission or during submission?
My expected result is
http://localhost/?str=I want to remove this
Thanks for your help...
In the URL you cannot have empty spaces; on the server side
str=I+want+to+remove+this
will be read as
str=I want to remove this
only. So I do not think you really need to worry about that encoding.
I have some strings in the database like SNEAKERS "SUPER STAR" GOLDEN GOOSE. These are the titles for some products. When I output it normally inside a <p> it shows the quotes, but when I echo it inside an input value, <input type="text" value="<?= $product->title ?"> the string gets truncated before the first double quote, so the value becomes just SNEAKERS.
Is there a way I can output the double quotes inside the value of an input ?
EDIT:
The closing tag was a typo, in the code it is closed.
Use htmlspecialchars like so:
htmlspecialchars($product->title);
i.e.
<input type="text" value="<?= htmlspecialchars($product->title) ?>">
Evaluate this html, I think you'll see where the problem lies:
<input type="text" value="SNEAKERS "SUPER STAR" GOLDEN GOOSE">
If you look closely, you'll see that the double quotes from the string are closing the double quotes for the input. The solution to this as others have pointed out is to call htmlspecialchars and pass it the string prior to outputting it.
You're also missing the ending > for the closing PHP tag.
You're missing your closing tag try this:
<input type="text" value="<?= $product->title ?>">
Also you need to escape the double quotes inside the HTML (as in Wayne's answer).
Every time a POST is made I get escaped characters.
\ -> \\
' -> \'
" -> \"
I have a multistep form, which transmits the data from one form to another. I save the values with prepared statements in the database. The values in the database currently look like Paul\'s House. Users should have the possibility to use single and double quotes in their strings.
This is a simple example demonstrating the escaping effect:
<?php
echo $_POST['value'];
?>
<form action="form.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="value" value="Paul's House">
<input type="submit" value="Next">
</form>
Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes() or I'm opening a big security hole?
Looks like you have Magic Quotes turned on.
http://www.php.net/manual/en/security.magicquotes.disabling.php
Check that out for how to disable.
You must turn off magic quotes on the server; otherwise you should be very careful about the on/off status of magic quotes.
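An added example (not code from any of the posts above) showing where the stored backslash comes from and why a blanket stripslashes() is lossy. It assumes PHP 7.1+ with the pdo_sqlite extension; the table, the function name and the sample values are constructed, and addslashes() stands in for what magic quotes did to request data.

```php
<?php
// Added example. Table/column names and sample values are constructed.
// Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE places (id INTEGER PRIMARY KEY, name TEXT)');

// Store a value with a bound parameter and read it back.
function round_trip(PDO $db, string $name): string
{
    $insert = $db->prepare('INSERT INTO places (name) VALUES (:name)');
    $insert->execute([':name' => $name]);
    $select = $db->prepare('SELECT name FROM places WHERE id = :id');
    $select->execute([':id' => $db->lastInsertId()]);
    return $select->fetchColumn();
}

$typed = "Paul's House";

// Magic quotes applied addslashes() to request data before the script ran.
$magicQuoted = addslashes($typed);

// Bound parameters are never parsed as SQL, so the extra backslash is
// stored as data: this is the "Paul\'s House" row from the question.
echo round_trip($db, $magicQuoted), "\n";

// With magic quotes off, the raw value goes in and comes out unchanged.
echo round_trip($db, $typed), "\n";

// stripslashes() is only correct on input that really was magic-quoted.
// Applied to raw input it deletes backslashes the user typed.
$path = 'C:\temp "drafts"';
echo stripslashes(addslashes($path)) === $path ? "undo ok\n" : "undo lossy\n";
echo stripslashes($path), "\n";
```

When the value is passed on to the next step in a hidden field, it still needs HTML attribute encoding on output; that is separate from how it is stored.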
I'm trying to populate an HTML text box with a php variable. The variable is a string with a single quotation mark in it and is retrieved from a database.
When I echo the variable it looks as it's supposed to - ie. "here's my string" so, it's correctly displaying the ' single quotation mark.
But when I try to put that variable into a text box field ie.
<? echo("<input type='text' name = 'title' value='$title'/>");?>
The quotation mark is ignored.
Any help is greatly appreciated as I've tried running the variable through a number of HTML formatting functions but to no avail.
You should change it to this:
<input type="text" name="title" value="<?php echo htmlentities($title, ENT_QUOTES); ?>" />
htmlspecialchars() and htmlentities() are used to convert strings into HTML with correct encoding.
The ENT_QUOTES option ensures that the apostrophes and speech marks are also correctly encoded.
Use htmlentities or htmlspecialchars with the ENT_QUOTES flag to escape quotes in the text before outputting it.
<?php echo '<input type="text" name="title" value="'.htmlentities($title, ENT_QUOTES).'" />'; ?>
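An added example (not from the original posts) covering both attribute questions above, the double-quoted title and the single-quoted `$title`: it builds each input raw and encoded, then reads the value back the way an HTML parser would. It assumes PHP 7.4+; `attr()` and `parsed_value()` are hypothetical helper names, the regex is a simplified stand-in for a browser's attribute parsing, and the sample strings are taken from the questions.

```php
<?php
// Added example. Helper names are hypothetical; inputs come from the questions.

// Encode a value for a quoted HTML attribute. ENT_QUOTES covers both " and ';
// ENT_SUBSTITUTE swaps invalid UTF-8 bytes for U+FFFD instead of letting
// htmlspecialchars() return an empty string.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Simplified stand-in for a browser: read the value attribute up to the
// first matching quote, then decode entities as an HTML parser would.
function parsed_value(string $html): ?string
{
    if (!preg_match('/\svalue=(["\'])(.*?)\1/s', $html, $m)) {
        return null;
    }
    return html_entity_decode($m[2], ENT_QUOTES, 'UTF-8');
}

$cases = [
    // [label, attribute delimiter, value, encoder]
    ['raw, double-quoted', '"', 'SNEAKERS "SUPER STAR" GOLDEN GOOSE', fn($v) => $v],
    ['raw, single-quoted', "'", "here's my string", fn($v) => $v],
    ['ENT_COMPAT, single-quoted', "'", "here's my string",
        fn($v) => htmlspecialchars($v, ENT_COMPAT, 'UTF-8')],
    ['attr(), double-quoted', '"', 'SNEAKERS "SUPER STAR" GOLDEN GOOSE', 'attr'],
    ['attr(), single-quoted', "'", "here's my string", 'attr'],
];

foreach ($cases as [$label, $q, $value, $encode]) {
    $html = '<input type=' . $q . 'text' . $q . ' value=' . $q . $encode($value) . $q . '>';
    $seen = parsed_value($html);
    // "intact" means the parser recovers exactly the string that was stored.
    printf("%-26s %-8s %s\n", $label, $seen === $value ? 'intact' : 'BROKEN', $html);
}
```

The ENT_COMPAT row shows why the flag matters: without ENT_QUOTES the apostrophe is left alone, so a single-quoted attribute is still cut short.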