SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Thread: "i can't"

  1. #1
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    "i can't"

    Code:
    code
    $query="SELECT say
    FROM test
    WHERE
    n = 1
    " ;
    $sql = mysql_query($query);
    $row = mysql_fetch_assoc($sql);
    $say= $row['say'];
    
    echo $say;
    
    result
    
    He said "I can't".
    The code above produces the result above.

    Following is some trials for putting the variable "$say" above into a form input tag, but all trials are failed.
    Code:
    trial code1
    
    $inputSay='<input value="'.$say.'">';
    echo $inputSay;
    
    trial result1
    
    he said
    Code:
    trial code2
    
    $inputSay="<input value='".$say."'>";
    echo $inputSay;
    
    trial result2
    
    he said "I can
    Code:
    trial code3
    
    $say=mysql_real_escape_string($say);
    $inputSay="<input value='".$say."'>";
    echo $inputSay;
    
    trial result3
    
    he said "\"I can\
    How can I get the following target result exactly in an input tag.
    Code:
    target result
    
    he said "I can't".

  2. #2
    SitePoint Addict kduv's Avatar
    Join Date
    May 2012
    Location
    Maui, HI
    Posts
    211
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Use addslashes() instead
    PHP Code:
    $inputSay '<input value="' htmlspecialchars($say) . '">';
    echo 
    $inputSay
    Keith
    Freelance web developer
    http://www.duvalltech.com/

  3. #3
    SitePoint Enthusiast
    Join Date
    Feb 2012
    Location
    United Kingdom
    Posts
    78
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dotJoon View Post
    Code:
    trial code1
    
    $inputSay='<input value="'.$say.'">';
    echo $inputSay;
    
    trial result1
    
    he said
    This outputs nothing because the above is equivilent to:
    Code:
    <input value=""I can't"">
    The first double quote closes the value attribute.


    Quote Originally Posted by dotJoon View Post
    Code:
    trial code2
    
    $inputSay="<input value='".$say."'>";
    echo $inputSay;
    
    trial result2
    
    he said "I can
    The above parses to the following:
    Code:
    <input value='"I can't"' />
    The single quote closes the value attribute, hence why you've only receieved the value of "I can

    Quote Originally Posted by dotJoon View Post
    Code:
    trial code3
    
    $say=mysql_real_escape_string($say);
    $inputSay="<input value='".$say."'>";
    echo $inputSay;
    
    trial result3
    
    he said "\"I can\
    mysql_real_escape_string() should only be used for input into your database, not for output. HTML cannot escape special entities by preceding them with a backslash, which is why your message stops at the first single quote found (closing the value attribute).

    Quote Originally Posted by dotJoon View Post
    How can I get the following target result exactly in an input tag.
    Code:
    target result
    
    he said "I can't".
    So what's the solution? Using the function htmlentities() or htmlspecialchars() to translate HTML equivilents into those entites to ensure they don't conflict with the pre-existing HTML code.

    PHP Code:
    $say htmlentities('"I can\'t"');
    $inputSay '<input value="'.$say.'" />';
    echo 
    $inputSay


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •