Use of double quotes in a 'input type=“text”' value wont work, string stops at double-quote !

Question

How can I make it possible for users to use the \'\"\' (double quote) inside a textfield...

Whenever I do use double-quote in the field (the value) then when receiving t

Answer 1

You're mixing up two things: mysql_real_escape_string is used to prepare strings for storing in a mysql database. htmlentities is used to prepare strings for echoing in the browser. Both are important to do, but calling one after the other on the same string can't be expected to work. Do something like the following:

// Copy string after escaping for mysql into $db_headline
$db_headline= mysql_real_escape_string($_POST['headline']);

// Copy string after escaping for page display into $html_headline
$html_headline = htmlentities($_POST['headline']);

// Store the headline in the database

...

?>


...