2

I am using Smarty for templates. I am facing one issue with rendering. I have one variable; the value of that variable is

this is text" data

But when I print this value in the tpl file it prints only this is text except the

this  is text" data

Why is this happening? Please help. Thanks in advance.

Praveen kalal
  • Did you try escaping it using `this is text\" data`? – Mr. Alien May 09 '13 at 11:17
  • Can you please write the code? – Praveen kalal May 09 '13 at 11:19
  • You should escape when you put it to the DB, for example via htmlspecialchars() or addslashes(). Then unescape (when you use addslashes) when you print it. Quotes can be changed to `&quot;`, which is valid against the HTML standard; this replacement can be obtained via htmlspecialchars(). – Robert May 09 '13 at 11:31
  • DB: mysqli/pdo prepare() or mysql mysql_real_escape_string() not addslashes or htmlspecialchars, and OUTPUT: htmlspecialchars() as htmlentities() may cause problems with UTF-8 – Waygood May 09 '13 at 11:33

2 Answers

3

In Smarty you can escape the data using `{$variable|escape:'format'}`

In this case a format of html should do the trick:

`{$variable|escape:html}`

ref: http://smarty.net/docsv2/en/language.modifier.escape.tpl

Waygood
2

You shouldn't be using quotes in HTML text-nodes anyway (it's invalid). Use `&quot;` (escaped) instead.

So for your example:

`this is text&quot; data`

If your text is coming from your DB, use htmlspecialchars() to properly escape it:

$val = htmlspecialchars($val);
Steven Moseley
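The symptom in the question and the fixes discussed in the comments and answers, as an added example that is not part of the original thread. It assumes the variable is printed inside a double-quoted attribute such as `value="..."` (the question does not show the template); `parsedValue()` is a hypothetical helper and the sample string is constructed to match the question.

```php
<?php
// Constructed sample value, the same string as in the question.
$value = 'this is text" data';

// Hypothetical helper: build an <input> whose value attribute contains
// $attrText verbatim, parse it with libxml's HTML parser, and return the
// attribute value the parser recovers.
function parsedValue(string $attrText): string
{
    $html = '<input type="text" value="' . $attrText . '">';
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$variants = [
    // Raw: the quote inside the data closes the attribute early.
    'raw' => $value,
    // A backslash is not an escape character in HTML, so this does not help.
    'addslashes' => addslashes($value),
    // Output escaping: " becomes &quot;, which the parser decodes back to ".
    'htmlspecialchars' => htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $name => $attrText) {
    $seen = parsedValue($attrText);
    printf(
        "%-17s markup: %-26s parsed: %-20s %s\n",
        $name,
        $attrText,
        $seen,
        $seen === $value ? 'intact' : 'TRUNCATED'
    );
}
```

Escaping is applied at output time here, so the stored value stays the original string and each output context (HTML, URL, JavaScript) can apply its own encoding.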