I'm inserting the following TEXT value into MySQL using..
$groupname = addslashes($_POST['groupname'];
When getting the value from Mysql I'm using
$name = $row['groupname'];
echo $name;
And this show correctly as "Mr. Davis's Group"
but when this value in added to a form as
then I pass the value to another page, and retrieve it as
$name = $_POST['groupname']; echo $name;
it show up as "Mr. Davis" keeping everything before the apostrophy.
??No clue why, i've tried adding stripslashes($_POST['groupname']; and same thing happens
Will generate:
At the indicated spot, the browser's parser will see the 'end' of the
value=
, followed by some unknown attributes
and a broken attributeGroup '
.To embed this type of text in a form, you need to use
htmlspecialchars()
, which will convert any HTML metacharacters (<
,>
,'
,"
) into their character entity equivalents, so they can be safely embedded in a form.addslashes()
is a deprecated method of "safely" adding something into a database. It will not make something safe to embed in HTML.Check the text encoding of your input webpage. Match your db charset - use utf-8.