
 

How to save &gt; in DB through HTML form
Rob

2005-11-15, 3:56 am

Hello all,

I created a form with some input fields and textareas corresponding to the
fields in a table.

If an ID is given, the data belonging to the record with this ID is fetched
and placed into the value attributes of the input fields. So far regular
database interaction.

In one of the textareas the user should fill in some HTML. The problem
comes when the user fills in '&gt;'. The data is sent to the server through a
POST method and saved in the database. When the data is fetched for the
second time, the data is put in the generated HTML of the form, which tells
the browser to translate the entity. We do not see &gt; anymore, but in the
input field the character '>' appears. When the form is saved again,
this character is saved and the data which was entered in the first place
(&gt;) is gone.

When I type in &gt;hallo&lt; I would like to see the exact characters when I visit
the form again and not <hallo>

Anyone have ideas how to do this?

Rob.



Oli Filth

2005-11-15, 7:55 am

Rob wrote:
> Hello all,
>
> I created a form with some input fields and textareas corresponding to the
> fields in a table.
>
> If an ID is given, the data belonging to the record with this ID is fetched
> and placed into the value attributes of the input fields. So far regular
> database interaction.
>
> In one of the textareas the user should fill in some HTML. The problem
> comes when the user fills in '&gt;'. The data is sent to the server through a
> POST method and saved in the database. When the data is fetched for the
> second time, the data is put in the generated HTML of the form, which tells
> the browser to translate the entity. We do not see &gt; anymore, but in the
> input field the character '>' appears. When the form is saved again,
> this character is saved and the data which was entered in the first place
> (&gt;) is gone.
>


http://php.net/htmlspecialchars

--
Oli

Hilarion

2005-11-15, 6:57 pm

> I created a form with some input fields and textareas corresponding to the
> fields in a table.
>
> If an ID is given, the data belonging to the record with this ID is fetched
> and placed into the value attributes of the input fields. So far regular
> database interaction.
>
> In one of the textareas the user should fill in some HTML. The problem
> comes when the user fills in '&gt;'. The data is sent to the server through a
> POST method and saved in the database. When the data is fetched for the
> second time, the data is put in the generated HTML of the form, which tells
> the browser to translate the entity. We do not see &gt; anymore, but in the
> input field the character '>' appears. When the form is saved again,
> this character is saved and the data which was entered in the first place
> (&gt;) is gone.
>
> When I type in &gt;hallo&lt; I would like to see the exact characters when I visit
> the form again and not <hallo>
>
> Anyone have ideas how to do this?



You should use the "htmlspecialchars" function (Oli Filth gave you a link to
the description of this function) on the data you get from the DB before you
put it in the generated HTML.
To be precise, you should use it not only on data from the DB but on all
data which is placed in generated HTML and should not be interpreted
as HTML (which includes data from $_POST, $_GET etc.) and all data
you want to pass unchanged as form field values, e.g.:

<form ...>
<input type="text" name="some_field"
value="<?php echo @htmlspecialchars( $_REQUEST['some_field'] ); ?>" />
<textarea name="big_field"><?php
echo @htmlspecialchars( $_REQUEST['big_field'] );
?></textarea>
</form>


Hilarion
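
The round trip discussed in this thread, as an added example that is not part of any poster's message: it simulates repeated edit/save cycles of one field with and without htmlspecialchars. The helper names h, browser_value and round_trips and the sample value are assumptions made for illustration, and browser_value only approximates browser parsing with html_entity_decode.

```php
<?php
// Added example: helper names and the sample value are constructed for illustration.

// Escape a value for HTML text content or a quoted attribute value.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Approximates what a browser does with a textarea body or an attribute value:
// character references are decoded before the value is displayed and submitted.
function browser_value(string $markup): string
{
    return html_entity_decode($markup, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Simulate repeated "load form, save form" cycles for a single field.
function round_trips(string $stored, callable $render, int $cycles = 2): array
{
    $history = [$stored];
    for ($i = 0; $i < $cycles; $i++) {
        $markup = $render($stored);        // server writes the value into the form
        $stored = browser_value($markup);  // browser parses it and posts it back
        $history[] = $stored;
    }
    return $history;
}

// Constructed sample: what the user originally typed into the textarea.
$stored = '&gt;hallo&lt; "quoted" <b>bold</b>';

// Without escaping, the entities are lost after the first save.
$raw = round_trips($stored, fn(string $v): string => $v);
// With escaping at output time, every save returns the original text.
$escaped = round_trips($stored, 'h');

echo "unescaped output:\n";
foreach ($raw as $n => $v) { echo "  save $n: $v\n"; }
echo "htmlspecialchars output:\n";
foreach ($escaped as $n => $v) { echo "  save $n: $v\n"; }

// The same helper used where the value is written into the form:
echo '<textarea name="big_field">' . h($stored) . '</textarea>', "\n";
echo '<input type="text" name="some_field" value="' . h($stored) . '" />', "\n";
```

Escaping at output also keeps a stored value that contains `</textarea>` or a double quote from ending the field early and being parsed as markup.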
Rob

2005-11-18, 6:57 pm


"Hilarion" <hilarion@SPAM.op.SMIECI.pl> wrote in message
news:dld15v$n7v$1@news.onet.pl...
>
>
> You should use the "htmlspecialchars" function (Oli Filth gave you a link to
> the description of this function) on the data you get from the DB before you
> put it in the generated HTML.
> To be precise, you should use it not only on data from the DB but on all
> data which is placed in generated HTML and should not be interpreted
> as HTML (which includes data from $_POST, $_GET etc.) and all data
> you want to pass unchanged as form field values, e.g.:
>
> <form ...>
> <input type="text" name="some_field"
> value="<?php echo @htmlspecialchars( $_REQUEST['some_field'] ); ?>" />
> <textarea name="big_field"><?php
> echo @htmlspecialchars( $_REQUEST['big_field'] );
> ?></textarea>
> </form>
>
>
> Hilarion


Thanks, it works now
Rob

