3

I have a problem: I want to echo a string that contains an HTML tag. I don't know how to explain it well, but this is my code:

echo '<input type="hidden" name="id" value='.($row['id']).'>';

where the value of $row['id'] is '<b>test</b>'. The problem is in the output of the echo: the closing tag of <b> closes the input tag, so the value of the input is just '<b'. Thanks.

2
  • Run it through the htmlentities function. Commented Aug 7, 2013 at 15:28
  • You're just missing a set of double quotes around the value. Commented Aug 7, 2013 at 15:30

5 Answers

5

htmlentities($row['id'], ENT_QUOTES) will encode < and > to &lt; and &gt;:

$str = "A 'quote' is <b>bold</b>";

echo htmlentities($str);
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;

echo htmlentities($str, ENT_QUOTES);
// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;

Both of the above are correct; the second one is safer.


4
  1. Pass data through htmlspecialchars to make it safe for inserting into HTML attributes (by converting characters with special meaning to entities).
  2. Quote attribute values (your code doesn't have " around the outputted row id) so that spaces, = and so on will be treated as part of the value.

Such as:

echo '<input type="hidden" name="id" value="'. htmlspecialchars($row['id']) . '">';

Or, better yet, don't output chunks of markup in PHP mode, switch to straight output mode until you need a variable / function call:

<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id']); ?>">
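As an added example (not code from any of the answers above), the following PHP script builds the hidden input both the way the question does it and the hardened way, over a few constructed sample values, so the two failure modes (an unquoted attribute and an unescaped value) can be seen side by side. The function names and sample values are assumptions for illustration.

```php
<?php
// Added example, not from the question or any answer.
// Constructed sample values standing in for $row['id']; not real database rows.
$samples = [
    '<b>test</b>',   // the value from the question: '<' and '>' break the markup
    'say "hi"',      // a double quote would end a double-quoted attribute early
    "it's",          // a single quote matters only if the attribute is single-quoted
    'a b=c',         // a space or '=' becomes a new attribute when the value is unquoted
];

// The original form from the question: attribute unquoted, value unescaped.
// Kept only to show the broken output; do not use.
function hidden_input_unsafe(string $id): string
{
    return '<input type="hidden" name="id" value=' . $id . '>';
}

// Hardened form: quote the attribute AND escape the value.
// ENT_QUOTES encodes both ' and ", so the result is safe in either quoting style;
// the explicit 'UTF-8' charset avoids depending on the default_charset ini setting.
function hidden_input_safe(string $id): string
{
    $escaped = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $escaped . '">';
}

foreach ($samples as $id) {
    echo "unsafe: " . hidden_input_unsafe($id) . "\n";
    echo "safe:   " . hidden_input_safe($id) . "\n\n";
}
```

For the first sample the safe version prints `value="&lt;b&gt;test&lt;/b&gt;"`, which the browser decodes back to the literal text `<b>test</b>` when the form is submitted; the unsafe version prints `value=<b>test</b>`, which the parser reads as the attribute `value=<b` followed by a new element. Quoting alone fixes the third and fourth samples but not the second, and escaping alone fixes the first and second but not the fourth, which is why both steps are needed.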


3

Use htmlspecialchars within your echo statement, like so:

echo '<input type="hidden" name="id" value="' . htmlspecialchars($row['id']) . '">';

I also added quote marks around the value of value.

3 Comments

Use what? This is a game of spot-the-difference. Answers should explain what they are doing.
It's pretty obvious what had changed. Regardless, I've edited it to make it crystal clear.
You have also added quote marks around the value attribute's value. Those aren't obvious. Quote marks are easy to miss.
1

You just need to properly escape:

echo '<input type="hidden" name="id" value="'.($row['id']).'">';

1 Comment

I'd use " instead of \' since other attributes are in double quotes.
-1

You will get what you want:

htmlentities($this->input->post('txtEditor'));
