I'm using PHP to store some session variables to track what users enter into a search form, so that we can restore them if they need to start their search again. This is all working well, except for the following.

Users are allowed to wrap a search string with double quote marks, which will perform a different type of search on that field (exact match). If a user enters text like this into one of the text search fields:

"heart condition"

the search works and the value is retained in the PHP session variable, but when we come to restore it for the next search it fails. Here's the code for restoring the text input:

<input type="text" id="condition" name="condition" value="<?php echo $conditionSearchValue; ?>">

I gather the double quote marks are causing the problem, as this would render as:

<input type="text" id="condition" name="condition" value=""heart condition"">

Is there a way to restore the input with the double quote marks that I don't know about?

Thanks

user982124

1 Answer

<input type="text" id="condition" name="condition" value="<?php print htmlentities($conditionSearchValue, ENT_QUOTES); ?>">

More info on htmlentities in the documentation here.

Saturnix
  • Use [htmlspecialchars($string, ENT_QUOTES, 'utf-8')](http://php.net/manual/en/function.htmlspecialchars.php) for this instead. – Xeoncross May 30 '13 at 23:26
  • Yes, it only encodes those 5 characters that have importance in HTML documents - htmlentities tries to convert much more. – Xeoncross May 30 '13 at 23:28
  • I'm actually passing "ENT_QUOTES" as an argument in htmlentities(): how is it going to search for other characters? Are you sure of that? I'll edit the answer according to your note if you can confirm what you're saying, even considering passing ENT_QUOTES to the function. – Saturnix May 30 '13 at 23:29
  • Thanks to both of you - it's working with both htmlentities and htmlspecialchars. – user982124 May 30 '13 at 23:33
  • [htmlentities vs htmlspecialchars](http://stackoverflow.com/questions/46483/htmlentities-vs-htmlspecialchars) – Xeoncross May 30 '13 at 23:34
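The security-relevant point behind the answer and the comments is that the original `echo` writes user input straight into an HTML attribute, so a `"` in the value closes the attribute and whatever follows is parsed as markup (attribute injection, the usual route to reflected or stored XSS). The script below is an added example, not code from the question or the answer: it renders the same input tag unescaped and escaped, and prints `htmlspecialchars` next to `htmlentities` so the difference the commenters describe is visible. The function names, the `ENT_SUBSTITUTE` flag (which replaces invalid UTF-8 rather than returning an empty string) and the sample inputs are all choices made for this example.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Names below are assumptions
// made for this example, not identifiers from the question or answer.

// Builds the text input from the question with a given attribute value.
function input_tag(string $attr_value): string
{
    return '<input type="text" id="condition" name="condition" value="'
        . $attr_value . '">';
}

// Vulnerable form: the raw session value is written into the attribute.
// A double quote in the value closes value="..." early, and the rest of
// the input is parsed as further attributes or tags.
function render_unescaped(string $value): string
{
    return input_tag($value);
}

// Hardened form, as in the answer: htmlspecialchars with ENT_QUOTES turns
// & < > " ' into entities, so the browser displays the quotes but cannot
// interpret them. The charset is passed explicitly so the encoder and the
// page agree on it.
function render_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return input_tag($safe);
}

// Constructed inputs for this example:
//  - the quoted search term from the question
//  - a value that uses the same quote handling to add attributes
//  - a non-ASCII term, to show where htmlentities differs
$inputs = [
    '"heart condition"',
    'heart" autofocus onfocus="alert(document.cookie)',
    'café',
];

foreach ($inputs as $in) {
    echo "input:            {$in}\n";
    echo "unescaped:        " . render_unescaped($in) . "\n";
    echo "escaped:          " . render_escaped($in) . "\n";
    echo "htmlspecialchars: " . htmlspecialchars($in, ENT_QUOTES, 'UTF-8') . "\n";
    echo "htmlentities:     " . htmlentities($in, ENT_QUOTES, 'UTF-8') . "\n\n";
}
```

For `"heart condition"` the escaped tag ends in `value="&quot;heart condition&quot;"`, which the browser decodes back to the quoted string in the field. For the second input the unescaped tag gains an `onfocus` handler, while the escaped one keeps the whole string inside the attribute. For `café` both functions agree on the five markup characters, but `htmlentities` also emits `caf&eacute;`, which is the extra conversion the comments refer to; for a form field it buys nothing and makes the stored value harder to compare. One caveat on `ENT_QUOTES`: before PHP 8.1 the default flag set was `ENT_COMPAT`, which leaves `'` alone, so a single-quoted attribute would still have been injectable without the explicit flag.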