
The text that was supposed to be inside the input element is partly in and partly out of that input field.

The value content is a snippet of HTML code (see below).

The value of the input is set when the input element is created, with the given snippet as its value.

<?php
$body_content = ''; // the variable is set with the value posted below, but is the result of a $var['field'] of a mysqli_fetch_assoc of a mysqli_query

echo ("
<div>
  <label>Body<input type='text' name='body' required value='$body_content'></label>
</div>
");
?>

The text pulled from the db is as follows:

<p>Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</p><h2 class="section-heading">Heading</h2><p>Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</p><figure><blockquote class="blockquote"><p class="mb-0">Lorem Ipsum is simply dummy text of the printing and typesetting industry.</p></blockquote></figure><h2 class="section-heading">Heading</h2><p>Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. 
It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</p><a href="#"><img class="img-fluid" src="assets/img/post_sample_image.jpg"></a><span class="text-muted caption">Lorem Ipsum is simply dummy text of the printing and typesetting industry.</span><p>Lorem Ipsum is simply dummy text of the printing and typesetting industry.</p><p><span>Placeholder text by&nbsp;</span><a href="http://spaceipsum.com">Ipsum</a><span>&nbsp;Photographs by&nbsp;</span><a href="https://www.flickr.com/photos/nasacommons/">Lorem</a>.</p>

I suspect that the cause of the problem is the special characters.

I want to know if there is a simpler option to solve this problem.

I need those special characters too.

3 Answers


  1. Chosen as BEST ANSWER

    I found the solution.

    php.net htmlspecialchars

    $body_content = htmlspecialchars($row['body'], ENT_QUOTES);
    

    After this I had the opposite problem: "How to send HTML snippets to the database". I found this great resource on Escapism to solve most of the problems of working with text inside code.


  2. You need to escape html special characters (probably using htmlspecialchars):

    <?php
    echo("
    <div>
      <label>Body<input type='text' name='body' required value='" . htmlspecialchars($body_content, ENT_QUOTES) . "'></label>
    </div>
    ");
    ?>
    
  3. It’s because your database contains html code, and you haven’t properly escaped it before outputting the value.

    Use htmlspecialchars function and wrap it around your body content variable.

    http://php.net/manual/en/function.htmlspecialchars.php

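As an added example (not code from the question or any of the answers): the script below renders the question's single-quoted `value='…'` attribute three ways and parses the result back with `DOMDocument` to show which encoding returns the stored string intact. `$stored` is a constructed, shortened stand-in for the database row, and `render_input` and `parsed_value` are hypothetical helper names.

```php
<?php
// Constructed sample: a short stand-in for the HTML body stored in the database.
// It contains both an apostrophe and double quotes, like the text in the question.
$stored = '<p>the industry\'s standard dummy text</p><h2 class="section-heading">Heading</h2>';

// Build the same markup as the question, with a pluggable encoder for the value.
function render_input(string $value, callable $encode): string
{
    return "<label>Body<input type='text' name='body' required value='"
        . $encode($value) . "'></label>";
}

// Parse the markup and return what actually ends up in the value attribute,
// i.e. what the form field would hold and later submit.
function parsed_value(string $html): ?string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the unescaped variants are malformed
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

$variants = [
    // The question's code: stored text dropped into the attribute as-is.
    'raw'        => fn(string $v): string => $v,
    // Escapes & < > and " but not ', so a '...' attribute still ends early.
    'ENT_COMPAT' => fn(string $v): string => htmlspecialchars($v, ENT_COMPAT, 'UTF-8'),
    // Escapes both quote styles: safe in single- and double-quoted attributes.
    'ENT_QUOTES' => fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $name => $encode) {
    $value = parsed_value(render_input($stored, $encode));
    printf(
        "%-10s intact=%-3s value=%s\n",
        $name,
        $value === $stored ? 'yes' : 'no',
        var_export($value, true)
    );
}

// The parser decodes the entities again, so an escaped field submits the
// original HTML: keep the raw markup in the database and encode only on output.
```

Before PHP 8.1 the default flags of `htmlspecialchars` were `ENT_COMPAT`, which leaves the apostrophe unescaped, so pass `ENT_QUOTES` explicitly whenever the attribute is delimited with single quotes.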