'How do I strip quotes from an input box using PHP?
I have this:
<input name="title" type="text" class="inputMedium" value="' . $inputData['title'] . '" />
I want to strip quotes from user input so that if someone enters something like: "This is my title" it wont mess up my code.
I tried this and it's not working:
$inputData['title'] = str_replace('"', '', $_POST['title']);
Solution 1:[1]
User input should be run through htmlspecialchars() to be used in this sort of case.
Solution 2:[2]
I highly recommend you to use htmlentities($string, ENT_QUOTES) before displaying anything user generated anywhere...
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | ceejayoz |
| Solution 2 | Kirzilla |