Hi,
I have no problem injecting texts that come with quotes into my database (I think), for instance,
I’d like to say “Hello”
the problem is, when I can to edit this text (title) again, in the input field, it only shows this,
I’d like to say
the double quotes are missing. I think it is bcos of this - value=“” which has double quotes,
<input name="pg_title" type="text" value="<?php echo $row_page['pg_title'];?>"/>
how can I fix this problem??
many thanks,
Lau
To make strings HTML-friendly, use htmlentities:
<input name="pg_title" type="text" value="<?php echo htmlentities($row_page['pg_title']); ?>"/>
see htmlspecialchars() and use ENT_QUOTES options.
thanks got it! 
cool thanks for the help
hi sorry having problem with htmlspecialchars() now…
I convert all single and double quote when injecting them into database,
htmlspecialchars($pg_title, ENT_QUOTES)
it shows this in the database,
it(single quote - converted)s "marry" (note that the single quote cannot be displayed here)
then I decode it again and wrap with htmlentities() when i want to edit it again,
<input name="pg_title" type="text" value="<?php echo htmlentities(htmlspecialchars_decode($row_page['pg_title']));?>" />
it shows this in the input field -
it(single quote - converted)s “marry” (note that the single quote cannot be displayed here)
the single code is not decoded or something else??
thanks
L
got it sorted. just need to ehco the converted text straight from the database, without using htmlentities()
thanks 