On Tue, January 31, 2006 5:03 am, All U Want wrote:
> I'm sure it is a very simple question for you but I'm getting almost
> crazy.
>
> I've got a simple form with several form objects, one of them is a
> text field. After submitting the form if one of the form objects
> hasn't been modified I will show the same form but keeping the data
> previously introduced. My problem is the text field, I can't show any
> special characters again, even if there was any space only the first
> word is shown, etc.
>
> I've been playing with different functions like urldecode, urlencode,
> stripslashes, htmlspecialchars, etc. but couldn't show the same text.
>
> Do you know how I can fix this?

The first big problem is that you are outputting stuff like this:

<input name=foo value=this value has whitespace so is not a value />

instead of this:

<input name="foo" value="this value has whitespace but quotes matter" />

You should call http://php.net/htmlentities on the data right before
you print it into the HTML page.

<?php $value_html = htmlentities($value)?>
<input name="foo" value="<?php echo $value_html?>" />

> Note that magic_quotes_gpc is enabled.

In that case, you need to call http://php.net/stripslashes on the data
before you do anything with it, except to cram it into a database.

magic_quotes_gpc *ONLY* made sense in the context of the early days of
PHP when 99.9999999% of the data was just getting tossed into a MySQL
database and there were a lot less Bad Guys around -- when it was all
guestbooks and lovey-dovey surfers.

In today's world, Magic Quotes should probably just die...

It's a shame, in a way, in that Magic Quotes is a nice simple solution
to those simplistic applications that are just tossing data into a
database, and not doing much else.  But PHP has grown up a lot since
then, and the world is a different place.

-- 
Like Music?
http://l-i-e.com/artists.htm
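
The two steps from the reply above (stripslashes when magic_quotes_gpc is on, then htmlentities into a quoted attribute), shown together as an added example that is not part of the original message. The function names and the sample value are made up for illustration, the type hints assume PHP 7 or later, and get_magic_quotes_gpc() is guarded because it no longer exists in PHP 8.

```php
<?php
// Added example (not from the thread): redisplay a submitted text field safely.

// True only on old PHP versions where magic_quotes_gpc exists and is enabled.
function magic_quotes_active(): bool
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Fetch one field as a string and undo the backslashes magic quotes added.
function raw_input_value(array $source, string $key, bool $magicQuotes): string
{
    $value = (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
    return $magicQuotes ? stripslashes($value) : $value;
}

// Escape for an HTML attribute. ENT_QUOTES also encodes single quotes,
// so the result is safe in single- or double-quoted attributes.
function attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Build the input element with every attribute value quoted and escaped.
function render_input(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name)
         . '" value="' . attr($value) . '" />';
}

// Constructed sample input: what the user typed, and what $_POST would hold
// with magic_quotes_gpc on (the feature behaves like addslashes()).
$typed            = 'O\'Reilly said "hi" <b> & more';
$constructed_post = array('foo' => addslashes($typed));

// 1. The broken form from the thread: unquoted, unescaped attribute.
//    The browser keeps only the first word and the markup is injectable.
echo '<input name=foo value=' . $typed . " />\n";

// 2. Escaped but not unslashed: the stray backslashes show up in the field.
echo render_input('foo', raw_input_value($constructed_post, 'foo', false)) . "\n";

// 3. Unslashed, then escaped at output time: the field shows exactly what was typed.
echo render_input('foo', raw_input_value($constructed_post, 'foo', true)) . "\n";

// In a real page the flag comes from the runtime, not a literal:
// echo render_input('foo', raw_input_value($_POST, 'foo', magic_quotes_active()));
```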

-- 
PHP General Mailing List (http://www.php.net/)