In one of the reply to the original posting I made, someone say that htmlentities() would work and upon submission, the PHP's $_REQUEST, $_POST, $_GET would get the apostrophe somehow. (The conversion somewhere would change it back)....
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > --- Scott Fletcher <[EMAIL PROTECTED]> wrote: > > I'm using data that goes from the HTML textbox to PHP to MYSQL to > > PHP to HTML textbox. The only trouble I have is to escape the > > apostrophe character when it is put into the HTML textbox by PHP > > (from MySQL). > > > > --snip-- > > echo "<input type='textbox' value='".$value."'>"; > > --snip-- > > You could quote your attributes like I do: > > <input type="text" value="foo" /> > > Then apostrophes won't be a problem. :-) > > The better answer is to use HTML entities. There's a nice function called > htmlentities() that can help with this. > > > I can't use the HTML feature like " or something because the > > """ would show up in the database... Any suggestion or advice? > > As they say, timing is everything. > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly > Coming Fall 2004 > HTTP Developer's Handbook - Sams > http://httphandbook.org/ > PHP Community Site > http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php