Possible Duplicate: How can I properly escape HTML form input default values in PHP?

Question

Editorial Team

Asked: June 8, 20262026-06-08T17:08:05+00:00 2026-06-08T17:08:05+00:00

Possible Duplicate:
How can I properly escape HTML form input default values in PHP?

If I use a preset HTML input, for example:

$lmao=$_POST['lmao'];

echo <<<EOD
<input value="{$lmao}" name="lmao" type="text">
EOD;

If a " character gets into the variable, it will result in poo, and also a data loss on re-submission.

I could, of course:

preg_replace('/"/', '', $lmao);

But what if I wanted to keep that quote?

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-06-08T17:08:07+00:00

Editorial Team

All user-inputted data that is being output within HTML attributes should be run through htmlspecialchars. This encodes quotes and other characters:

echo '<input value="'.htmlspecialchars($lmao).'" name="lmao" type="text">';

The Archive Base Latest Questions