php form handling input value post self some characters error

Question

i post data into form action to php self some characters make errors. This charactor are " or \ if u put " input name return into \ how to fix it

<form id="form1" name="form1" method="post" action="<? echo $_SERVER['PHP_SELF']; ?>">
  <label for="name"></label>
  <input name="name" type="text" id="name" value='<? print htmlspecialchars($_POST['name']); ?>' />
  <br />
  <input type="submit" name="button" id="button" value="Submit" />
  <? print htmlspecialchars($_POST['name']); ?>
</form>

isnt the "short tag" format suppose to be `= $var ?>` rather than ` echo $var ?>`? — CodeGodie, Sep 17 '15 at 14:07
@CodeGodie no it isn't. Short echo syntax and short open tags are two somewhat different things. — PeeHaa, Sep 17 '15 at 14:08
This could help you: http://stackoverflow.com/questions/4228282/how-do-i-remove-quotes-from-a-string I guess you have a quote problem ... — sensorario, Sep 21 '15 at 10:14

Anthony Broadbent · Accepted Answer · 2015-09-21T10:11:17.443

1

Im not exactly sure what the problem is but I think you are getting errors when returning special characters into an input field. If so try this: http://php.net/manual/en/function.htmlentities.php you will need to convert the special characters into html entities so the data isnt read as code which will cause issues. I have just tested this by changing the message input to <?php echo htmlentities($_POST['name']); ?> and the characters are displaying as normal. Use this code:

<!DOCTYPE html>
<html>
    <head>
        <title></title>
    </head>
    <body>
        <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
            <label for="name"></label>
            <input name="name" type="text" id="name" value="<?php echo htmlentities($_POST['name']); ?>" />
            <br />
            <label for="message"></label>
            <textarea name="message" id="message" cols="45" rows="5"><?php echo $message; ?></textarea>
            <br />
            <input type="submit" name="button" id="button" value="Submit" />
        </form>
        echoed (<?php echo htmlentities($_POST['name']); ?>);
    </body>
</html>

edited Sep 21 '15 at 10:11

answered Sep 17 '15 at 14:25

Anthony Broadbent

393
2
15

OP most likely wants `htmlspecialchars` instead – PeeHaa Sep 17 '15 at 14:33
but wont `htmlentities` convert all characters so it gives a better result as oppose to `htmlspecialchars` that only converts certain characters, unless im reading the docs wrong? – Anthony Broadbent Sep 17 '15 at 14:37
Yes, but in 99.9% of the cases there is no need to convert all characters making the document needlessly heavy :-) – PeeHaa Sep 17 '15 at 14:44
Ah thats a good point. So `htmlspecialchars` in this case would be more efficient. – Anthony Broadbent Sep 17 '15 at 14:46
Yes correct. Just pass the correct encoding and most likely the `ENT_QUOTES` flag and OP should be fine :-) – PeeHaa Sep 17 '15 at 14:59
name input give `look "` then the result is `look \"` still no get solution by `htmlentities` and `htmlspecialchars` @Anthony Broadbent – Henok Sep 18 '15 at 09:05
@Henok is there any more code that you havent shown? It looks like the data from the input field is being escaped and that would be why you are getting the \" when you use just ". I have made an example here: http://seafreshdirect.com/ant/php/entities.php and it works as expected. – Anthony Broadbent Sep 18 '15 at 09:36
@Anthony Broadbent can u paste code here or Edit my question – Henok Sep 18 '15 at 13:20
@Henok Ive updated my answer with the code I used. If this doesn't work then there may be issues with your PHP configuration. – Anthony Broadbent Sep 21 '15 at 10:11

php form handling input value post self some characters error

1 Answers1