How to have quotation marks in HTML input values [duplicate]

40
votes

I have the following problem - from the server side I get a string like 'hoschi"brother'.

I want to put this string into a <input value"MYSTRING" />. This results in something like <input value"hoschi" brother" /> which obviously does not work.

Is there a workarounds for this?

Does escaping the " character with &quot; work within the value tag?

3
htmlescaping

3 Answers

72
votes

Yes, using &quot; works:

<input type="text" name="last_name" value="&quot;My quote!&quot;" />
15
votes

does escaping the " character with &quot; work within the value tag?

Yes. (This isn't a workaround though. It is how HTML is designed to work.)

Alternatively, if the value contains only single quotes or only double quotes, then you can use the other to delimit the attribute instead.

2
votes

As it's a form field, folks will type anything they like in there which may or may not include a nice mixture of double and single quotes. Adding these to the database is easy, escape them with " / ' etc.

Nicely enough if you put " in the value clause of an input, it displays " on the screen as you want it to. Single quotes are a doddle, they can be as is if need be as their within doubles.