swiftsly
Reputation: 839
Escape double quotes with variable inside HTML echo
For a variable inside a echo that contains HTML, where would I add slashes to escape the double quotes?
Example:
echo "<input type=\"hidden\" name=\"id\" value=".$row['id']." />";
This part:
value=".$row['id']."
Upvotes: 32
Views: 92771
Answers (3)
Ja͢ck
Reputation: 173562
Some tips on outputting HTML with PHP:
- Use single quotes so that you don't have to escape the double quotes (when using echo),
- Use
htmlspecialchars()to properly escape any "rogue" values you may have.
Example using echo:
echo '<input type="hidden" name="id" value="', htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'), '" />';
Or printf():
printf('<input type="hidden" name="id" value="%s" />',
htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8')
);
Or, in HTML mode:
?>
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php
Upvotes: 65
elixenide
Reputation: 44831
Use htmlentities:
echo "<input type=\"hidden\" name=\"id\" value=\"".htmlentities($row['id'])."\" />";
Upvotes: 4
Bryan Elliott
Reputation: 4095
How about use single quotes so you don't have to escape any quotes. Like so:
echo '<input type="hidden" name="id" value="'.$row['id'].'" />';
Upvotes: 0
Related Questions
- Change an HTML input's placeholder color with CSS
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- Make a div fill the height of the remaining screen space
- Expansion of variables inside single quotes in a command in Bash
- When to use single quotes, double quotes, and backticks in MySQL
- Insert into a MySQL table or update if exists
- Can I write a CSS selector selecting elements NOT having a certain class or attribute?
- HTML-encoding lost when attribute read from input field