Home/ Questions/Q 7585707
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T19:14:27+00:00

I have two issues When I submit the character ‘ through my HTML form

  • 0

I have two issues

  1. When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ' disappears. I’ve deduced that this is because when I assign the text content containing the ' to the text field, it closes the quote. For example, if I submit Hello there I’m John, it will do: <input type=text value='Hello there I'm Jon />
    So you see, the apostrophe in I'm closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it’s submitted to a database escaped and retrieved for this form).
  2. Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &amp;). so as an example, if someone enters Me & you then it will be displayed as Me you.

So I’m asking: How can I fix the above issues, seeming to have to do with special characters, despite already having them escaped (and I even tried applying the escape function again)? If there is any sample code I should supply, please let me know, but I’ve explained what I am doing to each input.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ‘ disappears. I’ve deduced that this is because when I assign the text content containing the ‘ to the text field, it closes the quote. For example, if I submit Hello there I’m John, it will do: <input type=text value='Hello there I'm Jon /> So you see, the apostrophe in I’m closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it’s submitted to a database escaped and retrieved for this form).

    This has nothing to do with submitting the data. You are trying to use ' in an attribute value that is delimited with ' characters.

    Use htmlspecialchars($data, ENT_QUOTES)

    Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &). so as an example, if someone enters Me & you then it will be displayed as Me you.

    In data encoded as application/x-www-form-urlencoded & means "Start of new key=value pair" and + means "A space". You need to urlencode($data).

    • 0