1

I created a input field in HTML, passed the value into PHP. When user provides a name with ' (single quotation) in it my script is breaking. Upon debugging I found out PHP was issue. Can any one show me how to accept ' (single quotation) and " (double quotation) Below is my code:

HTML:

<label>Name: </label><input type="text" name="v1" id="text_input" size="30" required/><br><br>

PHP:

$v1_name = $_POST["v1"];

FYI: Its not sql injection. I need to send that quote as string.

adarsh
  • 11
  • 2
  • Database escaping. Prepared statements. etc. – mario Aug 21 '15 at 17:08
  • [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/60442#60442) – Thiago Augustus Oliveira Aug 21 '15 at 17:11
  • The question is not related to injection. How would I take the name. For example user name is Todd O'Neil. I would like to take entire name and convert into string. – adarsh Aug 21 '15 at 23:25
  • If you're not inserting this into a database, just use http://php.net/manual/en/function.addslashes.php – j08691 Aug 24 '15 at 18:38
  • How does your script *break*? If you are indeed injection-protected, then quotes are characters like all others and shouldn't break anything. Double quotes are likely to break HTML feedback if used in input fields without escaping, though. – LSerni Aug 24 '15 at 18:38

0 Answers0