The site has a form:

<form id="commentForm" name="form_edit" method="post" action="<?php echo general::link($tpl_folder.'/send') ; ?>">
    <input type="text" name="FORM[title]" class="input_1" id="title_pls">
    <textarea name="FORM[text]" id="text_pls" rows="30" class="text_1"></textarea>
    <input type="submit" name="submit" value="Отправить сообщение">
</form>

If there are quotes in the title and textarea, the data from the form is lost. Please tell me how to escape these fields?

  • You can escape quotes, but not fields. Try name="FORM[\"title\"]" or name="FORM['title']" - mix
  • If the question is about escaping the contents of the fields during processing, then when you receive the POST request, filter it with the PHP function htmlspecialchars(). From the question it is not entirely clear what you mean. - mix
  • Yes, the question is about escaping the field contents during processing. Please tell me where I need to add the htmlspecialchars() function? As I understand it, this is the handler - action="<?php echo general::link($tpl_folder.'/send'); ?>" and I don't know where to look for it. - Digital Ua
  • Tried to do it this way - did not work: <textarea name="FORM[text]" id="text_pls" rows="30" class="text_1"><? echo htmlspecialchars($FORM[text])?></textarea> - Digital Ua
  • this also doesn't work <textarea name="FORM[text]" id="text_pls" rows="30" class="text_1"><?php echo htmlspecialchars($_POST['FORM[text]']);?></textarea> - Digital Ua
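
An added example (not code from the thread or from the site) of escaping these two fields when the form is rendered again with submitted values. It relies on PHP parsing name="FORM[text]" into the nested array $_POST['FORM']['text'], which is why a lookup of $_POST['FORM[text]'] finds nothing. Assumptions: PHP 7+, and the helper form_value(), the sample $post array and the send.php action are hypothetical stand-ins.

```php
<?php
// Added example, not the site's code. form_value() is a hypothetical helper.

/**
 * Return one field of the FORM[...] group, HTML-escaped for output.
 * PHP turns name="FORM[text]" into $post['FORM']['text'] (nested array),
 * not into a flat key named 'FORM[text]'.
 */
function form_value(array $post, string $field): string
{
    $raw = $post['FORM'][$field] ?? '';

    // A client can submit FORM[text][]=x, which makes the value an array.
    // htmlspecialchars() needs a string, so treat anything else as empty.
    if (!is_string($raw)) {
        $raw = '';
    }

    // ENT_QUOTES encodes both " and ', so the value cannot close an
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST after a submit.
$post = [
    'FORM' => [
        'title' => 'Title with "double" and \'single\' quotes & an ampersand',
        'text'  => 'Text with "quotes" and a stray </textarea> tag',
    ],
];
?>
<!-- action is a placeholder; the real page builds it with general::link() -->
<form id="commentForm" name="form_edit" method="post" action="send.php">
  <input type="text" name="FORM[title]" class="input_1" id="title_pls"
         value="<?= form_value($post, 'title') ?>">
  <textarea name="FORM[text]" id="text_pls" rows="30" class="text_1"><?= form_value($post, 'text') ?></textarea>
  <input type="submit" name="submit" value="Send">
</form>
```

The escaping is applied at output time, in the template that prints the value; the handler behind the action URL should store the raw text and escape it again wherever it is later displayed.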
