Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 3 down vote favorite


I made some CMS in PHP which manipulates with data from MySQL.
In my CMS, i have some input fields in which I would like to have jQuery's fancy autocomplete implemented. Basically, the idea is to create jQuery's arrays from MySQL tables...

I'm working with PHP 5.3.0, MySQL 5.0.82 and Eclipse 3.4.2. My PHP project in Eclipse is UTF-8 encoded. My CMS pages are in UTF-8 character encoding (<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />). Website itself is also in UTF-8 encoding. MySQL database, and all tables are in UTF-8 (utf8_general_ci).

At this point everything works fine if I am entering only letters (even international and some weird symbols), but if I enter some of these characters ", &, < or >, I run into some serious problems...

When I enter such text, everything looks fine in my database, but when I try to create an array for jQuery, it creates an error because of quotes (I suppose that even single quotes are problem here)... So I suppose I should escape them somehow, right? Then I use PHP's htmlspecialchars and jQuery's array is created correctly. Even when I click inside input field and start typing text, autocomplete shows all those characters correctly. But if I actually select one of the records with those characters, they suddenly appear like html's escaped characters (&quot;, &amp;, &lt;, &gt;). So I tried to apply htmlspecialchars_decode to that same input field but it didn't help... Is there a way to display those characters correctly in my input field when I select a record from jQuery's autocomplete?

I've tried to google the problem, but I couldn't find anything to solve my problem... Please help!
Thanks in advance!

EDIT: This is the way I am creating an array for jQuery ($tags is just a simple array):

<?php
$t = implode(", ", $tags);
?>
<script>
$(document).ready(function(){
    var data_tags = "<?php echo htmlspecialchars($t); ?>".split(" | ");
    $("#input_tags").autocomplete(data_tags, { multiple: true, multipleSeparator: ", " });
});
</script>

I know it is maybe not the best way, but generally it works :)

I am generating an input field this way:

<?php

function inputField($label, $name, $type, $size, $default=NULL, $misc=NULL){

    $printInput = "<tr><td align=\"right\" valign=\"top\">\n";
    $printInput .= $label;
    $printInput .= "</td><td>\n";
    $printInput .= "<input type=\"".$type."\" size=\"".$size."\" name=\"".$name."\" id=\"".$name."\" value=\"".$default."\"> ".$misc."\n";
    $printInput .= "</td></tr>\n";

    return $printInput;

}

echo inputField("TAGS", "input_tags", "text", 70, $db_tags);
?>
share|improve this question
Are they being double encoded maybe? – alex Jan 31 '10 at 23:15
Nope.. I am inserting strings into and getting out from db without any special functions... Just 'as it is'... :) – errata Jan 31 '10 at 23:19

2 Answers

up vote 4 down vote accepted

Try json_encode(), which requires PHP 5.2.0 or greater.

EDIT You don't need the quotes around a json_encoded value:

var data_tags = <?php echo json_encode($t); ?>;
share|improve this answer
If i replace htmlspecialchars() with json_encode() I get into turbo-chaos! International characters (like č, ć, ž, š, đ) are all messed up, even my autocomplete doesn't work anymore! :( – errata Jan 31 '10 at 23:23
@errata: can you show us an example of the code you're writing? – Luca Matteis Jan 31 '10 at 23:29
Of course I can... I edited my first post already, and will update it with some more code... – errata Jan 31 '10 at 23:39
You don't need quotes, as I'm showing in my edit. – Luca Matteis Jan 31 '10 at 23:47
Luca, YOU ARE MY HERO!!! It really worked without qoutes :) From now on, I hate everything related to any quotation marks anywhere ever! Luca++ :) – errata Jan 31 '10 at 23:54
up vote 0 down vote

Try using htmlentities(); instead.

share|improve this answer
I've tried that already, but if i replace htmlspecialchars() with htmlentities() I get even worse mess than with json_encode()! All characters which are not latin letters are in complete mess! You know this one: ��� :) – errata Jan 31 '10 at 23:32

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.