View Full Version : stripslashes() eats quotation marks?

01-05-2007, 07:55 PM

After using addslashes() to the inputs to some text fields, I need to remove them for display. When I use stripslashes() to do so, the strings with single quotes comes out fine, but in the strings with quotation marks, the quotation mark itself and any text following it do not appear. Any ideas why not?

Here's the code:

$answer01 = stripslashes($answer);
$input = "<input type=text name=answer value=\"$answer01\">";
$patterns = '/<_>/';

$name = preg_replace($patterns, $input, $title);

using this:
isn\'t comes out isn't
bears\" comes out bears

Thanks for your help.

01-05-2007, 08:11 PM
if you look at the html source, do you see the rest of the text? if your string were:
she said "look at those bears"
then the output will be:

<input type=text name=answer value="she said "look at those bears">

which isn't valid html

01-05-2007, 08:45 PM
Thanks for answering. Yes, I sure do. I'm using the quotation marks in the input so all the words in the string appear. Without them, only the first word shows up.

01-05-2007, 08:54 PM
NogDog provided this, which turns out the work perfectly:

If you're going to output a string between double-quotes as a HTML attribute value, then any double-quotes within that string will have to either be escaped, or replaced with the applicable HTML entity:

PHP Code:
$answer01 = stripslashes($answer);
$input = "<input type=text name=answer value=\"".htmlspecialchars($answer01)."\">";