Hi.
There is a textarea in my page. I type a text in the textare and then in the script there is:
$text = nl2br(htmlentities($_POST['text']));
Now what is the problem?
When i type:
I'm fine.
It will be sent to db and will be printed, in both place as:
I\'m fine.
What is the solution for that?
You want to use htmlentities() or htmlspecialchars() when sending data to an HTML page, not when preparing data to be entered into a database. In fact, htmlentities() is not what is causing the I\'m. That's probably the result of addslashes, which you do want to do when escaping data to be entered into a database that is surrounded by single quotes.
The addslashes ploy, eh? I remember that. You may wish to use prepared statements so that you do not need to use single quotes around your values in SQL. Depends on how you're inserting/updating/filtering.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.