This question already has an answer here:
-
Single and double quotes together as HTML attribute value?
2 answers
For a variable inside a echo that contains HTML, where would I add slashes to escape the double quotes?
Example:
echo "<input type=\"hidden\" name=\"id\" value=".$row['id']." />";
This part:
value=".$row['id']."
Some tips on outputting HTML with PHP:
- Use single quotes so that you don't have to escape the double quotes (when using echo),
- Use
htmlspecialchars()
to properly escape any "rogue" values you may have.
Example using echo
:
echo '<input type="hidden" name="id" value="', htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'), '" />';
Or printf()
:
printf('<input type="hidden" name="id" value="%s" />',
htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8')
);
Or, in HTML mode:
?>
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php
Use htmlentities
:
echo "<input type=\"hidden\" name=\"id\" value=\"".htmlentities($row['id'])."\" />";
How about use single quotes so you don't have to escape any quotes.
Like so:
echo '<input type="hidden" name="id" value="'.$row['id'].'" />';