0

Hi.
There is a textarea in my page. I type a text in the textare and then in the script there is:

    $text = nl2br(htmlentities($_POST['text']));

Now what is the problem?
When i type:

I'm fine.

It will be sent to db and will be printed, in both place as:

I\'m fine.

What is the solution for that?

3
Contributors
2
Replies
23
Views
2 Years
Discussion Span
Last Post by diafol
1

You want to use htmlentities() or htmlspecialchars() when sending data to an HTML page, not when preparing data to be entered into a database. In fact, htmlentities() is not what is causing the I\'m. That's probably the result of addslashes, which you do want to do when escaping data to be entered into a database that is surrounded by single quotes.

0

The addslashes ploy, eh? I remember that. You may wish to use prepared statements so that you do not need to use single quotes around your values in SQL. Depends on how you're inserting/updating/filtering.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.