
Long story short...

This is the HTML tag whose attribute I want to set:

echo "<input type='text' name='name' value='".$phpvar."'>";

$phpvar can contain any text and symbols (including single and double quotes).

How can I properly escape/convert the string to make it display correctly?

Thank you everyone!

EDIT: Thank you everyone for helping me out! OK, if anybody else gets stuck with this, this solved my problem:

  1. Use double quotes (") surrounding the value of the attribute, because HTML only has an entity code for doubles (&quot;) and they won't bug like singles (') do.
  2. Convert/encode the string with either htmlentities() or htmlspecialchars().
arielnmz

4 Answers


To send the value through to your PHP file you need to encode characters like &, ", ', and many more symbols that are not recognized by the browser.

To do this you can use urlencode() to turn those symbols into the HTML symbol entities that it can render.

Here is how it should look,

echo "<input type='text' name='name' value='".urlencode($phpvar)."'>";

Here are some helpful questions on Stack Overflow that will help you out.

Why should I use urlencode?

AJAX + PHP self-generated fields producing blank results

Best of luck mate!

Josh Powell

You can use strip_tags() or urlencode() or htmlspecialchars().

Or change your echo statement: if the value of $phpvar will only contain single quotes, using double quotes is a better practice.

echo '<input type="text" name="name" value="'.$phpvar.'">';

Mohammad Hossein Amri
  • Well, that's a workaround, but $phpvar can contain either single quotes, double quotes or both at any moment... – arielnmz Nov 11 '13 at 07:03

I am not sure what special characters you want to remove from the variable. As you mentioned the quotes, the following code will remove single and double quotes from the string.

<?php    
$quotes = array('"', "'");

echo str_replace($quotes, "", "Hello Wor'l'd of PHP");
Anam
  • That's useful, thanks, but that doesn't work with other symbols like # & etc... I think I'll stick with urlencode, htmlentities or htmlspecialchars – arielnmz Nov 11 '13 at 06:56

htmlentities is made for this kind of thing.

$phpvar= '"&#test"';
echo '<input type="text" name="name" value="'.htmlentities($phpvar).'">';

will output

<input type="text" name="name" value="&quot;&amp;#test&quot;">

The text field will display "&#test".

hcoat
  • I think that's what I was looking for, thanks! But by the way, what is the difference between htmlentities(), strip_tags(), urlencode() and htmlspecialchars() in simple words? – arielnmz Nov 11 '13 at 06:58
  • `htmlentities()` and `htmlspecialchars()` are identical. I just prefer the shorter. `strip_tags()` is for removing html tags like ` `. `urlencode()` is for encoding URLs like a link that needs special characters in it. – hcoat Nov 11 '13 at 07:03
  • OK, now I understand. Just another thing: I noted that neither htmlentities() nor htmlspecialchars() converts the single quotes, and as I mentioned above, $phpvar can contain anything, including both types of quotes in the same string – arielnmz Nov 11 '13 at 07:07
  • I updated my answer to reflect quotes being reversed. This way single quotes won't cause an issue. The problem is HTML does not have an entity code for a single quote. So by making sure `value=""` uses double quotes, all entities will be converted in a way that will be displayed in the text field, including single quotes. I hope that makes sense. – hcoat Nov 11 '13 at 07:17
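
The thread's question, worked as an added example (not code from the question or any of the answers): escaping a value for a quoted HTML attribute with `htmlspecialchars()` and the `ENT_QUOTES` flag, which encodes both quote characters, then checking that no delimiter survives and that the text decodes back unchanged. The helper names `attr` and `text_input` and the sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Escape a value for a quoted HTML attribute (hypothetical helper name).
 * ENT_QUOTES encodes both " and ', so the result is safe whichever quote
 * character delimits the attribute. ENT_SUBSTITUTE replaces invalid UTF-8
 * with U+FFFD instead of returning an empty string.
 */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Build the text input from the question with name and value escaped. */
function text_input(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Constructed sample values: both quote types, &, #, angle brackets,
// and strings that would close the attribute early if left unescaped.
$samples = [
    "He said \"it's 5 > 3 & 2 < 4\" #ok",
    "' data-injected='1",
    '"><b>not bold</b>',
];

foreach ($samples as $raw) {
    $escaped = attr($raw);
    // No raw quote or angle bracket may remain inside the attribute value.
    $clean = strpbrk($escaped, "\"'<>") === false;
    // The browser decodes entities, so the field shows the original text.
    $roundTrip = html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8') === $raw;
    printf(
        "%s\n  clean=%s round-trip=%s\n",
        text_input('name', $raw),
        var_export($clean, true),
        var_export($roundTrip, true)
    );
}

// For contrast, the other functions named in the thread do different jobs.
echo urlencode($samples[0]), "\n";  // percent-encoding, meant for URL components
echo strip_tags($samples[2]), "\n"; // removes tags but leaves quotes untouched
```

Before PHP 8.1 the default flags of `htmlspecialchars()` and `htmlentities()` did not include `ENT_QUOTES`, which is why single quotes were left unconverted in the comments above; passing the flag explicitly gives the same result on every version.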