All geek questions in one place

How to strip quotes from input window using PHP

I have it:

<input name="title" type="text" class="inputMedium" value="' . $inputData['title'] . '" />

I want to remove quotes from user input so that if someone enters something like: โ€œThis is my headerโ€, it will not ruin my code.

I tried this and it does not work: $ inputData ['title'] = str_replace ('' ',' ', $ _POST [' title ']);

+4
source share
3 answers

If I understand the question correctly, do you want to remove " from $inputData['title'] so that your HTML code is not corrupted?

If so, the โ€œrightโ€ solution is not to remove the double quotes, but to escape them before the actual output.


Given that you are generating HTML , you should use the htmlspecialchars function ; thus, double quotes (and several other characters) will be encoded for HTML objects and will not cause any problems when entering HTML into your markup.

For instance:

 echo '<input name="title" type="text" class="inputMedium" value="' . htmlspecialchars($inputData['title']) . '" />';

Note: depending on your situation (especially about the encoding / encoding you can use), you can pass some additional parameters to htmlspecialchars .


Generally speaking, you should always avoid the data you send as output, no matter what output format you have.

For instance:

+5
source

User input must be done through htmlspecialchars() , which will be used in this case.

+1
source

I highly recommend you use htmlentities ($ string, ENT_QUOTES) before showing anything created by the user anywhere ...

-2
source

Source: https://habr.com/ru/post/1301623/

More articles:


All Articles