> I use the following php code to build a dynamic table retrieving values from
> a MySQL database that have been inserted with slashes added -
>
>      echo "<td width='100'><input name='descr' type='text' size='45'
> maxlength='20' readonly value='".StripSlashes(mysql_result($badgedetails,
> $i, 'descr'))."' tabindex='1'/></td>";
>
> The problem is, if the value to be displayed is for example O'Neill, then
> the output will look something like -
>
> <td width='100'><input name='descr' type='text' size='45' maxlength='20'
> readonly value='O'Neill' tabindex='1'/></td>
>
> Quite correctly, when this page is rendered, all that will be displayed is O
> as the apostrophe after the O will be treated as a closing parenthesis. I
> understand AddSlashes and StripSlashes but how can I utilise them to resolve
> this issue?

HTML doesn't understand that a slash means to escape a character. What you
need to do is use htmlentities() or htmlspecialchars() on the data before
you place it between your quotes.

// ENT_QUOTES also encodes the single quote, which is what delimits value='...'
echo "<td width='100'><input name='descr' type='text' size='45'
maxlength='20' readonly value='".htmlentities(mysql_result($badgedetails,
$i, 'descr'), ENT_QUOTES)."' tabindex='1'/></td>";

Note: You should not have to be doing stripslashes() on data coming from
your database unless magic_quotes_runtime is ON. If your data is coming out
with slashes in it, or you can SEE the slashes in the actual data in the
database, then you are calling addslashes() twice on your data somehow.

I also kind of question why you have mysql_result in there. It's faster to
use the mysql_fetch_* functions...

---John Holmes...
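
Added example, not part of the reply above: a round-trip check for the single-quoted value='...' attribute from this thread. It renders constructed sample values with addslashes(), htmlspecialchars() with ENT_COMPAT (the default flags before PHP 8.1, which leave ' untouched) and ENT_QUOTES, then parses the markup back with DOMDocument to show which value survives. esc_attr(), render_input() and parsed_value() are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical
// and the sample values are constructed.

// Escape a value for use inside a quoted HTML attribute. ENT_QUOTES encodes
// both ' and ", so the result is safe whichever quote delimits the attribute.
function esc_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same markup as the thread: the attribute is delimited by single quotes.
function render_input(string $escaped): string
{
    return "<td width='100'><input name='descr' type='text' size='45' "
         . "maxlength='20' readonly value='" . $escaped . "' tabindex='1'/></td>";
}

// Parse the markup back and return what the value attribute actually holds.
function parsed_value(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // broken markup raises parser warnings
    $doc->loadHTML('<table><tr>' . $html . '</tr></table>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : '';
}

$samples = ["O'Neill", 'Size 5" badge', 'Smith & Sons <VIP>'];   // constructed

foreach ($samples as $raw) {
    $variants = [
        'addslashes' => addslashes($raw),                          // SQL-style, wrong for HTML
        'ENT_COMPAT' => htmlspecialchars($raw, ENT_COMPAT, 'UTF-8'), // ' is not encoded
        'ENT_QUOTES' => esc_attr($raw),                            // ' becomes &#039;
    ];
    foreach ($variants as $label => $escaped) {
        $back = parsed_value(render_input($escaped));
        printf("%-11s %-20s -> %-20s %s\n", $label, $raw, $back,
               $back === $raw ? 'ok' : 'MISMATCH');
    }
}
```

An unencoded delimiter quote ends the attribute early, so whatever follows it in the stored value is parsed as markup rather than data; that is why the escaping has to match the output context and the quote style used.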

