There is a textarea in my page. I type a text in the textarea and then in the script there is:

    $text = nl2br(htmlentities($_POST['text']));

Now what is the problem?
When I type:

I'm fine.

It will be sent to db and will be printed, in both places as:

I\'m fine.

What is the solution for that?

You want to use htmlentities() or htmlspecialchars() when sending data to an HTML page, not when preparing data to be entered into a database. In fact, htmlentities() is not what is causing the I\'m. That's probably the result of addslashes, which you do want to do when escaping data to be entered into a database that is surrounded by single quotes.

The addslashes ploy, eh? I remember that. You may wish to use prepared statements so that you do not need to use single quotes around your values in SQL. Depends on how you're inserting/updating/filtering.
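
The approach the two replies describe, shown as an added example that is not part of the original thread: the raw text is stored through a prepared statement, and HTML escaping happens only when the value is printed. The in-memory SQLite database (needs the pdo_sqlite extension), the `messages` table, the `render_html()` helper and the sample input are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for $_POST['text'] (assumption).
$submitted = "I'm fine.\n<b>How are you?</b>";

// In-memory SQLite keeps the example self-contained (assumed backend).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the raw text. The placeholder keeps the value out of the SQL string,
// so there is no addslashes() call and no quoting of the value by hand.
$insert = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
$insert->execute([':body' => $submitted]);

// Read it back: the database holds exactly what was typed, apostrophe included.
$select = $pdo->prepare('SELECT body FROM messages WHERE id = :id');
$select->execute([':id' => $pdo->lastInsertId()]);
$stored = $select->fetchColumn();

// Escape only at output time, for the HTML context, then add <br /> tags.
// Hypothetical helper name, not from the thread.
function render_html(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

echo 'stored: ', $stored, PHP_EOL;
echo 'html:   ', render_html($stored), PHP_EOL;
```

Because escaping is applied once, at the point of output, the stored value stays free of both backslashes and HTML entities, and the `<b>` tag in the sample input is rendered as literal text rather than markup.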