I have a HTML form value as a PHP function: value=’.$item->get_title().’ (This is in

Question

0

Asked: June 4, 20262026-06-04T19:54:56+00:00 2026-06-04T19:54:56+00:00

I have a HTML form value as a PHP function: value=’.$item->get_title().’ (This is in

0

I have a HTML form value as a PHP function: value='".$item->get_title()."' (This is in an echo statement hence the single quotes.) The problem is that if the returned title contains any quotes it breaks the value function.

Example: value="Kim Dotcom lawyer blasts US government" s "pattern of delay &quote;'>

As you can see it breaks at government. There is supposed to be an apostrophe after that.

Does anyone know a fix for this?

The fix: value='".htmlspecialchars($item->get_title(), ENT_QUOTES)."'

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T19:54:57+00:00

Editorial Team

2026-06-04T19:54:57+00:00Added an answer on June 4, 2026 at 7:54 pm

Use htmlspecialchars to escape output not meant to be rendered as HTML:

value="'.htmlspecialchars($item->get_title(), ENT_QUOTES).'"

By default, htmlspecialchars only escapes double quotes, not single quotes. If you want to escape both (and so maintain your practice of putting HTML values in single quotes), add ENT_QUOTES as the second parameter to htmlspecialchars.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a HTML form value as a PHP function: value=’.$item->get_title().’ (This is in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply