2

This should be fairly easy but I don't see what I'm missing here:

I have my database and I want the alt attribute to be populated from it.

I have my code as follows:

  <img src="admin/uploads/retouch/'.$list->thumbnail.'" class="thumb-image" alt="'.utf8_encode(addslashes($list->titulo)).'" />

And it happens that in this case what's inside "titulo" in my database has " on it and I get this as a result in my code:

  <img ti!\""="" por="" ¡hazlo="" manos.="" en="" estÁ="" prestaciones="" tus="" mejorar="" alt="\" class="thumb-image" src="admin/uploads/retouch/noticia_default.png">

the sentence from database is: "MEJORAR TUS PRESTACIONES ESTÁ EN TUS MANOS. ¡HAZLO POR TI!"

Elaine Marley
  • 1,973
  • 6
  • 45
  • 86
  • possible duplicate of [What's the best practice to set html attribute via PHP?](http://stackoverflow.com/questions/2109583/whats-the-best-practice-to-set-html-attribute-via-php) – Jens Apr 10 '14 at 05:24

4 Answers4

8

You should be using htmlspecialchars not addslashes, with the utf8 option!

alt="'.htmlspecialchars($list->titulo, ENT_QUOTES, 'UTF-8').'"
fire
  • 20,975
  • 17
  • 77
  • 110
1

Use htmlentities or htmlspecialchars to escape strings in tag attributes.

IvanGL
  • 742
  • 5
  • 21
1

You need to escape such content using PHP function htmlspecialchars().

Gedrox
  • 3,512
  • 1
  • 19
  • 29
1

You should encode htmlentities instead of adding slashes:

alt="'.htmlentities($list->titulo, ENT_QUOTES, 'UTF-8').'"
Nicola Peluchetti
  • 74,514
  • 30
  • 136
  • 188