I am having a problem spitting out text saved into a MySQL database and displaying it in an HTML form input field. The text will spit out fine unless there is a single or double quote, then the text is spit out until the quote. The text is all in the database with the escaped slash and the the quotes but when accessing the text in an input field I can only get up to the single quote. Any help is greatly appreciated. Here is the offending code:

while ($row = mysql_fetch_array($queryLink)) {
$title = stripslashes($row['title']);
$description = stripslashes($row['description']);
$address = stripslashes($row['address']);
}
echo "<h2>Edit Link</h2>";
echo "<table>";
echo "<form method='post' action='/inc/forms.php'>";
echo "<input type='hidden' name='form' value='editLink'>";
echo "<input type='hidden' name='id' value='" . $_GET['id'] . "'>";
echo "<tr>";
echo "<td>Title: </td>";
-- > echo "<td><input type='text' name='title' size='50' value='" . $title . "' /></td>";
echo "</tr>";
echo "<tr>";
echo "<td>Description: </td>";
echo "<td><input type='text' name='description' size='50' value='" . $description . "' /></td>";
echo "</tr>";
echo "<tr>";
echo "<td>Address: </td>";
echo "<td><input type='text' name='address' size='50' value='" . $address . "' /></td>";
echo "</tr>";
echo "<tr>";
echo "<td rowspan='2'><input type='submit' value='Submit' /></td>";
echo "</form>";
echo "</table>";

add stripslashes() like value='" . stripslashes ( $title ) . "' to each

I have stripslashes in where the data gets pulled from the database, would that be all I need? Thank you.

then change single quotes to double like
value = \"$description\"

That worked. Can you explain why this works? I have never ran into this before but it works and that is what I do not get. Thank you.

The way your statements are written (with concatenation), if you have single quotes in your strings, the interpreter might be interpreting them as starting new literal strings.

//these are roughly equivalent
$variable = "some string";
$variable = 'some string';
//the big differences are the way escape codes are expanded
//and the substitution of in-string variables

//the code (version 1):
$variable = "some string";
print "The contents of \"$variable\" are \"$variable\"...\n";
//should produce
// The contents of "some string" are "some string"...

//the code (version 2):
$variable = "some string";
print 'The contents of \"$variable\" are \"$variable\"...\n';
//should produce
// The contents of \"$variable\" are \"$variable\"...

//the code (version 3):
$variable = "some string";
print 'The contents of "$variable" are "'.$variable.'"...\n';
//should produce
// The contents of "$variable" are "some string"...

Hopefully those outputs are correct, I'm a little rusty... But, you get the idea.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.