wongadob Posted November 23, 2011 Share Posted November 23, 2011 Hi all, I am sure there are topics on this somewhere, but I have read through numerous articles on escaping characters, but just do not know what I should be doing with this. I have some PHP code which is taking values from my SQL database to create a form. One of the items is read from the database to create a list of surveys that have an attached checkbox. I am also transfering some hidden data to my nect PHP file. I have taken the outputted HTML from the PHP and put it into the validator and it has produced lots of errors. most I have fixed, but I cannot figure out this '&' error. I know it should be escaped with &, but it is coming direct from the database. I have tried running it through mysql_escape_String, but that does not seem to fix it and i kind of figured that is for the other way round! maybe? Anyway here is come code. Firstly the PHP code print "<input type='hidden' value='".mysql_escape_string($fullsurveylistName[$x])."' id='fullsurveylistname".$x."' name='fullsurveylistname".$x."' />\n"; I did also originally have print "<input type='hidden' value='".$fullsurveylistName[$x)."' id='fullsurveylistname".$x."' name='fullsurveylistname".$x."' />\n"; Both generate this <input type='hidden' value='Visual Inspection Internal & External' id='fullsurveylistname20' name='fullsurveylistname20' /> Which is causeing this error in the validator Line 199, Column 56: xmlParseEntityRef: no name…en' value='Visual Inspection Internal & External' id='fullsurveylistname20' na…And also this warning which I would also like to get rid ofLine 199, Column 56: character "&" is the first character of a delimiter but occurred as data…en' value='Visual Inspection Internal & External' id='fullsurveylistname20' na…✉<p class="ve mid-404">This message may appear in several cases: You tried to include the "<" character in your page: you should escape it as "<" You used an unescaped ampersand "&": this may be valid in some contexts, but it is recommended to use "&", which is always safe. Another possibility is that you forgot to close quotes in a previous tag. Any help much appreciated.... Link to comment Share on other sites More sharing options...
thescientist Posted November 23, 2011 Share Posted November 23, 2011 http://php.net/manual/en/function.htmlentities.php Link to comment Share on other sites More sharing options...
Ingolme Posted November 23, 2011 Share Posted November 23, 2011 You have to substitute & characters for & since & is an entity delimiter. PHP uses the htmlspecialchars() function to escape HTML characters, < > ' " and & Link to comment Share on other sites More sharing options...
wongadob Posted November 23, 2011 Author Share Posted November 23, 2011 Cheers that has done the trick! I was going it totally the wrong dir with mysql_esacpe_string malarky! Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.