echo HTML tag into php input value

Question

I have problem , I want to echo the string which is html tag, so I don't know how to say that but this is my code

echo '<input type="hidden" name="id" value='.($row['id']).'>';

where the value of $row['id'] is '<b>test</b>', the problem is on the output of the echo, the closing tag of <b> will close the input tag, so the value of input just '<b' thanks.

Answer 1

You will get what you want :-

htmlentities($this->input->post('txtEditor'));

Answer 2

Use htmlspecialchars within your echo statement, like so:

echo '<input type="hidden" name="id" value="' . htmlspecialchars($row['id']) . '">';

Also added quote marks for the value of value.

Answer 3

htmlentities($row['id'],ENT_QUOTES) this will encode < > to < and >

$str = "A 'quote' is <b>bold</b>";


echo htmlentities($str);
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;

echo htmlentities($str, ENT_QUOTES);
// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;

Both above are correct, second one safer.

Answer 4

You just need to properly escape:

echo '<input type="hidden" name="id" value="'.($row['id']).'">';

Answer 5

1. Pass data through htmlspecialchars to make it safe for inserting into HTML attributes (by converting characters with special meaning to entities).
2. Quote attribute values (your code doesn't have " around the outputted row id) so that spaces, = and so on will be treated as part of the value

Such:

echo '<input type="hidden" name="id" value="'. htmlspecialchars($row['id']) . '">';

Or, better yet, don't output chunks of markup in PHP mode, switch to straight output mode until you need a variable / function call:

<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id']); ?>">