Home/ Questions/Q 728405
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T06:40:39+00:00

Here is a validation script from a book I am learning, Why is escaping

  • 0

Here is a validation script from a book I am learning, Why is escaping the quotation marks necassery? e.g. <option value=\"char\">char</option>

<?php
//validate important input
if ((!$_POST[table_name]) || (!$_POST[num_fields])) {
    header( "location: show_createtable.html");
           exit;
}

//begin creating form for display
$form_block = "
<form action=\"do_createtable.php\" method=\"post\">
<input name=\"table_name\" type=\"hidden\" value=\"$_POST[table_name]\">
<table cellspacing=\"5\" cellpadding=\"5\">
  <tr>
    <th>Field Name</th><th>Field Type</th><th>Table Length</th>
  </tr>";

//count from 0 until you reach the number fo fields
for ($i = 0; $i <$_POST[num_fields]; $i++) {
  $form_block .="
  <tr>
  <td align=center><input type=\"texr\" name=\"field name[]\"
  size=\"30\"></td>
  <td align=center>
    <select name=\"field_type[]\">
        <option value=\"char\">char</option>
        <option value=\"date\">date</option>
        <option value=\"float\">float</option>
        <option value=\"int\">int</option>
        <option value=\"text\">text</option>
        <option value=\"varchar\">varchar</option>
        </select>
  </td>
  <td align=center><input type=\"text\" name=\"field_length[]\" size=\"5\">
  </td>
</tr>";
}

//finish up the form 
$form_block .= "
<tr>
    <td align=center colspan=3><input type =\"submit\" value=\"create table\">
    </td>
</tr>
</table>
</form>";

?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Create a database table: Step 2</title>
</head>

<body>
<h1>defnie fields for <? echo "$_POST[table_name]"; ?> 
</h1>
<? echo "$form_block"; ?>

</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Escaping the quotation marks inside a string prevents them from ending the string. For example:

    $str = "Hi this is a "broken" string";

    Essentially the PHP parser sees multiple statments: "Hi this is a", broken, and "string ". It becomes an invalid line of code.

    When the parser encounters the first quotation mark, it knows it’s found a string, and it knows that the next quotation mark tells it where the string ends. If you want to have quotation marks inside your string, you need to tell the parser that they aren’t the end of the string by escaping them with backslashes in front.

    If you start your string with single quotes, ', then you only need to escape single quotes inside your string. Same with double quotes. These two lines are both valid code:

    $str = "This string is 'not' broken";
$str = 'This string is also "not" broken';

    You just have to watch for whichever one you used to open and close the string.

    • 0