Quote:
Originally Posted by Fou-Lu
No no, I mean the data coming out. You don't need to change a thing with the storage, just how you display it. So for example, you would currently have <element title="a title with a " in it"> which of course would give you the "a title with a " as the title and ignore the remaining '" in it" part. You need to effectively make it so HTML can still render it but not to misinterpret it as a part of the HTML. So you want that to say <element title="a title with a &quot; in it"> which will render correctly in the HTML. So in order to do this you simply print out the results of the description wrapped in the htmlentities or htmlspecialchars functions (both will work for single and double quotes).
Since you are using a technology that allows for prepared statements and you are accepting data from the user, definitely make use of the prepared statement.
I've gotten it to work. Thank you for your help. I ended up using htmlspecialchars. Was this what you suggested?
Code:
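$str = $Desc;
//proper syntax for creating my anchor tag with image inside
{
// quote the href value and escape it like the other attributes
echo "<a href='", htmlspecialchars($Link, ENT_QUOTES), "'>";
echo "<img src='";
// the image path is escaped too, so a quote in it cannot end the attribute
echo htmlspecialchars($Image, ENT_QUOTES);
echo "' ";
echo "title='";
// ENT_QUOTES encodes both ' and ", which matters inside a single-quoted attribute
echo htmlspecialchars($str, ENT_QUOTES);
echo "'>";
echo "</a>";
}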
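
The approach discussed in this thread, as an added example that is not code from either poster: the description is stored unmodified through a prepared statement and escaped only when it is written into an HTML attribute. The `links` table, the sample rows and the `attr()` and `renderLink()` helpers are constructed for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Added example: the table name, rows and helper names are constructed for illustration.

// Escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and '. Passing it explicitly avoids relying on
    // the default flags, which only cover single quotes from PHP 8.1 onward.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the anchor/image markup with every attribute escaped at output time.
function renderLink(string $link, string $image, string $desc): string
{
    return "<a href='" . attr($link) . "'>"
         . "<img src='" . attr($image) . "' title='" . attr($desc) . "'>"
         . "</a>";
}

// Store the description as typed, using a prepared statement (in-memory SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (link TEXT, image TEXT, descr TEXT)');

$insert = $db->prepare('INSERT INTO links (link, image, descr) VALUES (?, ?, ?)');
$insert->execute(['/items/1', '/img/1.png', 'a title with a " in it']);
$insert->execute(['/items/2', '/img/2.png', "the owner's 6' ladder"]);

foreach ($db->query('SELECT link, image, descr FROM links') as $row) {
    // ENT_COMPAT leaves ' untouched, which would end a single-quoted attribute early.
    $compat = htmlspecialchars($row['descr'], ENT_COMPAT, 'UTF-8');
    echo "stored:     ", $row['descr'], "\n";
    echo "ENT_COMPAT: ", $compat, "\n";
    echo "rendered:   ", renderLink($row['link'], $row['image'], $row['descr']), "\n\n";
}
```

Run it from the command line with `php` to compare the stored text, the `ENT_COMPAT` output and the fully escaped markup for each row.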