0

I have an ajax function to get a modal form, from a php file. The php file, have this line:

(...)
<p class='form-control-static' id='cliente'>".$row['temp_metal_com_vs']."</p>"
(...)

where $row['temp_metal_com_vs'] is a text field from a database, that returns: "424<=HP<=490 | 324 < MP<=385".

But, when the modal is interpreted, it shows only the "424<=HP<=490 | 324", it´s missing the rest of the text (< MP<=385). With Chrome Inspector, I realize that the rest of the text () has another color. Any idea? Maybe the text means some html tag? How can I get this around? When I'm making this post, if I put the letters '<' and 'MP' together (without the space) it happens the same. In my example, consider the '<' and 'MP' without space between them. Thanks

Mario Cordeiro
  • 119
  • 3
  • 14
  • 1
    You need to escape any text that should not be interpreted as HTML. – Matt Ball Feb 18 '14 at 05:04
  • 1
    possible duplicate of [What's the best method for sanitizing user input with PHP?](http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php) – Matt Ball Feb 18 '14 at 05:05
  • Thanks for your help. I make the following change and resolve: **

    ".htmlentities($row['temp_metal_com_vs'],ENT_NOQUOTES,UTF-8)."

    **     – Mario Cordeiro Feb 18 '14 at 05:46

0 Answers0