Question: I need to make a text entry field (of the same type as in input text) so that absolutely any characters, html tags, quotes and the like can be written there. And after clicking submit, all this was sent to the mysql table without changes.

What is the easiest way to do this? Thank.

  • one
    What confuses? What does not cause difficulty? - cheops
  • What is not satisfied with the usual input fields or textarea? and another question: do you want to put it on a public site? - Ivan Pshenitsyn
  • In the usual html form, if you enter quotes and tags, then it can be buggy and send incomplete data) I think javascript or something is needed here. - Kirill Volkov
  • one
    The input form here and why it should be buggy? Special characters screen when writing to the database and everything will be added. - Firepro
  • No, this is a project for personal use. - Kirill Volkov

1 answer 1

The input text field and textarea text field allow you to enter any characters. Problems can be only when writing to the database and when re-editing the data.

1.If you are using some modern extension, for example, PDO, you do not need to specifically screen anything, since you insert the sent text through placeholders, as is, with a string

<?php try { $pdo = new PDO( 'mysql:host=localhost;dbname=test', 'root', '', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); $query = "INSERT INTO tbl VALUES (NULL, :name)"; $news = $pdo->prepare($query); $news->execute(['name' => $_POST['name']]); header("Location: ".$_SERVER['PHP_SELF']); } catch (PDOException $e) { echo "Ошибка выполнения запроса: " . $e->getMessage(); } ?> <!DOCTYPE html> <html lang="ru"> <head> <meta charset='utf-8'> </head> <body> <form> Имя: <input type="text" name="name" value=""><br /> <input type="submit" value="Записать"> </form> </body> </html>

2. There may be problems if you edit the text or substitute the text you just entered in the value attribute of the text field or between the tags <textarea> and </textarea> . In this case, to avoid distortion, the text is passed through the htmlspecialchars() function, which converts all interpreted characters into an HTML-safe form.

 <!DOCTYPE html> <html lang="ru"> <head> <meta charset='utf-8'> </head> <body> <form> Имя: <input type="text" name="name" value="<?php echo htmlspecialchars($_POST['name'], ENT_QUOTES); ?>"><br /> <input type="submit" value="Записать"> </form> </body> </html>
  • Thank you very much. Everything is exactly as you described. I display the text just entered for editing via value. I skipped the text through htmlspecialchars (), everything began to work. Everything except single quotes. In principle, this is not so bad, but for some reason, they still cannot be entered. - Kirill Volkov
  • @KirillVolkov; Add the second parameter ENT_QUOTES to htmlspecialchars () so that single quotes are converted too. - cheops