I have a form with textarea:

Code:

  <td><textarea name="Who_Now" rows="4" cols="50" MaxChars="750" id="text1" onkeypress="if (this.value.length >= parseInt(this.attributes['MaxChars'].value)) return false;" onkeyup=" document.getElementById( this.id+'_charsCount' ).innerHTML = (parseInt(this.attributes['MaxChars'].value)-parseInt(this.value.length))+' characters left.';"></textarea><br><span id="text1_charsCount">750 characters left</span></td>

Then I receive the info on the confrimation page:

Code:

$webinfo13=mysql_real_escape_string($_POST['Who_Now']);

Now if the form doesn't pass, I am trying to echo the info back into the textarea:

Code:

<textarea name="Who_Now" rows="4" cols="50"><?php echo stripslashes(htmlspecialchars($webinfo13); ?></textarea>

However the output is not what was typed if the user typed quotes into the textarea....??? It works on the input fields but not in the textarea??

Any help?

PHP Code:

$webinfo13=mysql_real_escape_string($_POST['Who_Now']); 


The escape should remove the quotes and double quotes from the input. So even if they're entering them...they don't get saved, at least....I'm pretty sure.

http://us3.php.net/mysql_real_escape_string

edit:

But one thing I can think of...Is I'm assuming you're echo'ing a session variable? What I would do is....

Code:

if(!formPasses)
{
session echo = $_POST['Who_Now']
}
else
{
session echo = mysql_real_escape_string($_POST['Who_Now']);
}

that way, when the form fails, they see what they inputted, otherwise, you save what you want to be inputted (the escaped string)

If I enter into the form textarea:

Matt's "test<br>Matt's "test<br>Matt's "test

the code I use to show what they typed in the validation page (before submitting to database:

Code:

<textarea name="Who_Now" rows="4" cols="50"><?php echo ($webinfo13); ?></textarea

and I get..

matt\'s \"test\"<br>\r\nmatt\'s \"test\"<br>\r\nmatt\'s \"test\"

Quote:

Originally Posted by weddingm

I have a form with textarea:

Code:

  <td><textarea name="Who_Now" rows="4" cols="50" MaxChars="750" id="text1" onkeypress="if (this.value.length >= parseInt(this.attributes['MaxChars'].value)) return false;" onkeyup=" document.getElementById( this.id+'_charsCount' ).innerHTML = (parseInt(this.attributes['MaxChars'].value)-parseInt(this.value.length))+' characters left.';"></textarea><br><span id="text1_charsCount">750 characters left</span></td>

Then I receive the info on the confrimation page:

Code:

$webinfo13=mysql_real_escape_string($_POST['Who_Now']);

Now if the form doesn't pass, I am trying to echo the info back into the textarea:

Code:

<textarea name="Who_Now" rows="4" cols="50"><?php echo stripslashes(htmlspecialchars($webinfo13); ?></textarea>

However the output is not what was typed if the user typed quotes into the textarea....??? It works on the input fields but not in the textarea??

Any help?

I think your problem is this line:
<?php echo stripslashes(htmlspecialchars($webinfo13); ?>

You missed a bracket
<?php echo stripslashes(htmlspecialchars($webinfo13)); ?>

Quote:

You missed a bracket
<?php echo stripslashes(htmlspecialchars($webinfo13)); ?>

now I get

matt's "test"<br>rnmatt's "test"<br>rnmatt's "test"<br>rnmatt's "test"<br>rnmatt's "test"

Can you please specify what you want it to output in that example?

Code:

<?php echo str_replace ("<br>","\n",stripslashes(htmlspecialchars($webinfo13))); ?>

Try this. Should convert <br> to the regular \n line break.