Quotes won't work while updating MySQL table from HTML form using PHP
Normally I insert a value (first name and last name in this case) to the
database using this form:
<form action="" method="post">
First name<br><input type="text" name="fname">
Last name: <br><input type="text" name="lname">
<input type="submit">
</form>
Now I want to edit the table. Retrieving the values (first name and last
name) and puts it to the next form like this:
<form action="" method="post">
First name<br><input type="text" name="fname"
value="'.$user['username'].'">
Last name: <br><input type="text" name="lname"
value="'.$user['password'].'">
<input type="submit">
</form>
But when I do it this way I can't use double quotes in the text fields. I
can use it when I insert the value to the database, but not when I want to
update the value from a form. It just cuts/end the string at the first
double quote sign..
How do you build a user friendly interface to edit their data in the table?
Btw, I use PDO to select, insert and update the table.
Thanks in advance.
Use PHP
ReplyDelete's addslashes() or htmlspecialchars() functions when displaying values retrieved from database or user etc...
addslashes($user['username']) // or
htmlspecialchars($user['username'])