When I use the code provided below, everything works fine unless there is an apostrophe or other HTML special characters in the SESSION I am trying to pass in the value. I have tried both htmlspecialchars() and htmlentities() with no success. Please help.
Thanks,
James
<?php
// Prints the form; the session values are inserted into the attributes unencoded.
echo "
<form action='ashlyBlogBig2.php' method='POST'>
<input type='hidden' name='title' value='{$_SESSION['title']}'/>
<input type='hidden' name='time' value='{$_SESSION['time']}'/>
<input type='hidden' name='blog' value='{$_SESSION['blog']}'/>
<input type='submit' name='to you' class='productButtons' value='Read On. . . .'>
</form> ";
?>
Use ENT_QUOTES as the second param to htmlentities(), to be certain that both single and double quotes are encoded inside the variable.
Since htmlentities() is a function call, it cannot be interpolated inside a double-quoted string the way a variable, array element, or object property can. You must close the currently open string and concatenate in the return of a function call.
The ENT_QUOTES flag to htmlentities() encodes both single and double quotes, making a string suitable for use inside an HTML attribute (which is already quoted).
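The approach from this answer as a runnable script, shown next to the unencoded form from the question. This is an added example, not code from the original post or answer: the `$session` array holds constructed values standing in for `$_SESSION`, and `attr()` is a hypothetical helper name.

```php
<?php
// Constructed sample values standing in for $_SESSION (assumption, not from the post).
$session = [
    'title' => "Ashly's \"big\" day",
    'time'  => '2 < 3 & counting',
    'blog'  => "It's a post with 'single' and \"double\" quotes",
];

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
// ENT_QUOTES encodes both ' and "; the charset is stated explicitly.
function attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Unencoded, as in the question: the apostrophe in the value ends value='...' early,
// and everything after it is parsed as further attributes or markup.
$broken = "<input type='hidden' name='title' value='{$session['title']}'/>";

// Encoded: a function call cannot be interpolated into a double-quoted string,
// so the string is closed and the return value is concatenated in.
$form = "<form action='ashlyBlogBig2.php' method='POST'>\n";
foreach (['title', 'time', 'blog'] as $field) {
    $form .= "<input type='hidden' name='" . $field . "' value='"
           . attr($session[$field]) . "'/>\n";
}
$form .= "<input type='submit' name='to you' class='productButtons'"
       . " value='Read On. . . .'>\n</form>\n";

echo "Unencoded:\n", $broken, "\n\nEncoded:\n", $form;

// The browser decodes the entities when it reads the attribute, so the value
// submitted in the POST equals the original string. Simulated here:
$roundTrip = html_entity_decode(attr($session['title']), ENT_QUOTES, 'UTF-8');
var_dump($roundTrip === $session['title']);
```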