
Reading CRUD won't show ” marks

I have created a CRUD system for a contact form.

If I was to input speech marks (“”), it will not input anything after and including the speech marks.

I use the VARCHAR datatype in the database and type=text in HTML.

Example

In image 1, I have inputted symbols and standard text. This is fine.

In image 2, I have placed the speech marks after the = sign.

As you can see, all the symbols and text that were entered before do not show, as the speech mark is before them.

https://imgur.com/a/71I62NM

<div class="row">
  <div class="col-md-12">
    <label for="contact_name" class="form-label">Contact Name</label>
    <input type="text" class="form-control" id="contact_name" name="contact_name" value="<?= $data['record']['contact_name'] ?? '' ?>" placeholder="Enter Site Name" required><br>
  </div>
  <div class="col-12">
    <h6 for="contact_email">Contact Email</h6>
    <input type="text" class="form-control" id="contact_email" name="contact_email" value="<?= $data['record']['contact_email'] ?? '' ?>"  placeholder="Leave blank if none"><br><br>
  </div>
  <div class="col-12">
    <h6 for="contact_subject">Subject</h6>
    <input type="text" class="form-control" id="contact_subject" name="contact_subject" value="<?= $data['record']['contact_subject'] ?? '' ?>" placeholder="Floor where Machine is Locatated"> <br><br>
  </div>
  <div class="col-12">
    <h6 for="contact_message">Message</h6>
    <input type="text" class="form-control" id="contact_message" name="contact_message" value="<?= $data['record']['contact_message'] ?? '' ?>" placeholder="Floor where Machine is Locatated"> <br><br>
  </div>

  <button type="submit">submit</button>
</div>


Answer

I assume you are talking about when you echo existing values into the field when the form loads? If so, then obviously it won’t show anything after double-quotes ("), because double-quotes are also used to close the value attribute in the HTML.

So for example if the output of <?= $data['record']['contact_name'] ?? '' ?> is ABC "DEF" then the final HTML input will look like this when it’s received by your browser:

<input type="text" class="form-control" id="contact_email" name="contact_email" value="ABC"DEF""  placeholder="Leave blank if none">

The browser will see value="ABC" and think that’s the value of the field, because it interprets the " after C as the end of the value attribute’s content.

To avoid this, you must HTML-encode your output, e.g.

<?= htmlspecialchars($data['record']['contact_name'] ?? '') ?>

which in my example would output ABC&quot;DEF&quot;, which will work correctly. Demo:

<input type="text" class="form-control" id="contact_email" name="contact_email" value="ABC&quot;DEF&quot;">

Important note: You should be HTML-encoding any data you echo into your site routinely anyway, to avoid the danger of XSS injection attacks.

Documentation: https://www.php.net/manual/en/function.htmlspecialchars.php
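
The truncation and the XSS risk described in the answer share one cause, shown here as an added example that is not part of the original question or answer: the same stored values are rendered raw and encoded, then parsed to see which attributes the input really ends up with. The helpers `e()`, `render_input()` and `parsed_attributes()` and the sample values are hypothetical and constructed for illustration; the script assumes PHP's DOM extension is enabled.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): encode a value for use inside an HTML attribute.
// Flags and charset are explicit so the result does not depend on the PHP version's defaults.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the input the way the form does, with or without encoding.
function render_input(?string $value, bool $encode): string
{
    $out = $encode ? e($value) : (string) $value;
    return '<input type="text" name="contact_name" value="' . $out . '">';
}

// Parse the markup and return the attributes the element actually ends up with.
function parsed_attributes(string $html): array
{
    libxml_use_internal_errors(true);   // malformed markup is expected for the raw cases
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed sample values standing in for rows read back from the database.
$samples = ['ABC "DEF"', 'Bob" data-injected="yes', "O'Brien", null];

foreach ($samples as $stored) {
    foreach ([false, true] as $encode) {
        $html  = render_input($stored, $encode);
        $attrs = parsed_attributes($html);
        $seen  = $attrs['value'] ?? null;
        printf("%-8s %s\n", $encode ? 'encoded' : 'raw', $html);
        printf("         value seen by parser: %s\n", var_export($seen, true));
        printf("         attributes: %s\n", implode(', ', array_keys($attrs)));
        printf("         round-trips: %s\n\n", $seen === (string) $stored ? 'yes' : 'NO');
    }
}
```

Run it from the command line with `php`. Any raw row that reports extra attribute names or a failed round-trip is a value that escaped the `value` attribute.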

User contributions licensed under: CC BY-SA