I'm inserting the following TEXT value into MySQL using..
$groupname = addslashes($_POST['groupname'];
When getting the value from Mysql I'm using
$name = $row['groupname'];
echo $name;
And this show correctly as "Mr. Davis's Group"
but when this value in added to a form as
then I pass the value to another page, and retrieve it as
$name = $_POST['groupname'];
echo $name;
it show up as "Mr. Davis" keeping everything before the apostrophy.
??No clue why, i've tried adding stripslashes($_POST['groupname']; and same thing happens
<input name='groupname' type='hidden' value='$groupname' />
Will generate:
<input name='groupname' type='hidden' value='Mr Davis's Group' />
^----
At the indicated spot, the browser's parser will see the 'end' of the value=
, followed by some unknown attribute s
and a broken attribute Group '
.
To embed this type of text in a form, you need to use htmlspecialchars()
, which will convert any HTML metacharacters (<
, >
, '
, "
) into their character entity equivalents, so they can be safely embedded in a form.
addslashes()
is a deprecated method of "safely" adding something into a database. It will not make something safe to embed in HTML.
Check the text encoding of your input webpage. Match your db charset - use utf-8.