Viewed   110 times

We have a code like this:

echo '<input type="text" name="myInput" value="Double " Quotes" />';

Absolutely it doesn't work because the quote after Double ends the value. We can fix it by using single quotes instead of double ones.

echo '<input type="text" name="myInput" value='Double " Quotes' />';

Now I wanna use both single and double quotes as the value. It should outputs She said:"I don't know."

Is there a way to fix it WITHOUT using HTML entities (Like &quot;), htmlentities() or similar functions?



Is there a way to fix it WITHOUT using HTML entities (Like &quot;), htmlentities() or similar functions?

No, there is not. The double quote (") has special meaning inside a HTML attribute. If you want to put it into an attribute value, you must (this is not a true must but a good rule of thumb. It's a must if you use attributes delimited by double-quotes as you do in your question) write it as its entity &quot;. There is no way around it.

Actually even <tag attr='this"'> is not wrong HTML, too and most browsers can deal with that. However it doesn't help you because you're looking for both quotes - single and double - and one of these always in HTML is a delimiter of the attribute value - if you need spaces inside the attribute value (as you do).

However, do not worry about that. It works, and you can express everything you like with that, including the combination of quotes you have.

And actually PHP is there for you to take the burden of "escaping" all those characters just with the htmlspecialchars method doing all the work for you. Inside a PHP string you have the original text - with single and double quotes as you see fit - verbatim.

$myString = 'She said: "I don't know."';
printf('<input type="text" name="myInput" value="%s" />'
       , htmlspecialchars($myString));

Just a shortened example that should demonstrate how this works. Online demo.

Saturday, November 26, 2022
<form name="add" method="post">
     <select name="age">
        <option value="1_sre">23</option>
        <option value="2_sam">24</option>
        <option value="5_john">25</option>
     <input type="submit" name="submit"/>

You will have the selected value in $_POST['age'], e.g. 1_sre. Then you will be able to split the value and get the 'stud_name'.

$stud = explode("_",$_POST['age']);
$stud_id = $stud[0];
$stud_name = $stud[1];
Tuesday, October 4, 2022

The usual workflow:

  1. Provide a Javascript rich-text editor for your users such as TinyMCE:
  2. Grab the source generated by the RTE and filter it through HTML Purifier before saving to the database.
  3. Escape the existing HTML: <div id="myHtml" style="display: none"><?php echo htmlentities($html); ?></div>
  4. Re-populate the RTE via Javascript - in the case of TinyMCE as follows: tinyMCE.activeEditor.setContent($('#myHtml').html());

You can also load the HTML content via AJAX.

Tuesday, December 27, 2022

You just need to escape it correctly.

alias xxx="svn status | awk '$1 =="M"{print $2;}'"
Tuesday, December 20, 2022

I see a difference if you have special characters :

Ex :

grep "foo$barbase" file.txt

The shell will try to expand the variable $barbase, this is maybe not what you intended to do.

If instead you type

grep 'foo$barbase' file.txt

$bar is taken literally.

Finally, always prefer single quotes by default, it's stronger.

Sunday, November 13, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :