Input field containing double quotes value

Question

In my PHP project I have a value containing special characters like ",', etc. (" 5 " inches, '3.5' inches, etc.). But it does not appear in a text field. How can I display this?

Is it possible to display this value in a text box?

Answer 1

It looks like the best way to manage single and double quotes (and other special chars) with HTML input is mimicking it via textarea field. So just create a textarea instead of input field and give some styles to make it look like a native input.

<textarea class="fake-input"> quote's and other quote"s </textarea>
<style>
.fake-input {
    height: 20px; /* based on your font-size */
    resize: none;
    overflow: hidden;
    white-space: nowrap;
    width: /* your input width */
}
</style>

Answer 2

I needed to apply htmlspecialcars() to the query result array. I found a useful solution from here (see the comment by sean).

// Create a cleaning function
function _clean(&$value) {
  $value = htmlspecialchars($value);
  //$value = htmlspecialchars($value, ENT_QUOTES); // Alternative
}

// Fetch the data from DB somehow (sqlQ is a custom function)
$q = "...";
$r = $d->sqlQ($q);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);

//...call the function recursively (not always necessary) to the resultset row
array_walk_recursive($row, '_clean');

It does quite a bit unnecessary work if you fetch only a few text columns, but at least you don't need to write the htmlspecialchars() function to the HTML form multiple times.

Answer 3

Personally, I use this trick:

$s = str_replace("& amp ;", "&", (htmlentities(stripslashes($s), ENT_QUOTES, 'UTF-8')));

Answer 4

I've found if you have double quotes in a variable in JavaScript (from Ajax/database whatever) and you want to put it in a field - if you build the whole field/form HTML content and then swap that into a div using innerHTML, the double quotes in the value will cause problems. I was doing this and I couldn't figure a way around it by escaping either.

You should build the HTML content with the field and swap it in first, and then do a document.getElementById('myfieldid').value = thevalue; instead and it works fine.

Answer 5

When using character set UTF-8, I use the code below to get Iñtërnâtiônàlizætiøn and double (or single) quotes right:

<input type="text" name="title" value="<?php echo htmlentities(stripslashes(utf8_decode($title))); ?>" />

PS: This is useful after someone submitted the form, but when the input is not validated.

Answer 6

I suppose your "text box" is an HTML <input> element?

If so, you are displaying it using something like this:

echo '<input name="..." value="' . $yourValue . '" />';

If it's the case, you need to escape the HTML that's contained in your variable, with htmlspecialchars:

echo '<input name="..." value="' . htmlspecialchars($yourValue) . '" />';

Note that you might have to add a couple of parameters, especially to specify the encoding your are using.

This way, considering $yourValue has been initialized like this :

$yourValue = '5 " inches';

You'll get from this generated HTML:

<input name="..." value="5 " inches" />

To that one, which works much better:

<input name="..." value="5 &quot; inches" />

Answer 7

For UTF-8 I went for htmlspecialchars($value, ENT_QUOTES, "UTF-8") which did the trick.

stack source

Answer 8

Try this

 echo '<input name="..." value="' . htmlspecialchars(stripslashes($yourValue)) . '" />';

or

<input name="..." value="<?php echo htmlspecialchars(stripslashes($value)); ?>">

Good luck ;)

Answer 9

Use htmlentities:

<input value="<?php echo htmlentities($value);?>">