I am creating an HTML form (to send a plain text email, using Swift Mailer ..but that's not important right now), using PHP server-side, where I want to display the user's text input for them to finally confirm before actually sending the email.
I use nl2br(htmlspecialchars()) to display the user's form field input safely, and then need to output that input into an <input type="hidden" ../> form field to be submitted again for actually creating the email.
The email body can obviously contain all sorts of potentially troublesome characters such as single and double quotes, ampersands, less-then and greater-than symbols.
In the context of my input field, am I right in thinking that my sole(?) problem is ensuring that the form quotes around value=".." (I usually use double quotes) and any quote characters in the input string value don't clash with each other? Is there a PHP function along similar lines to htmlspecialchars which will escape quotes as necessary? I don't want to convert anything into HTML entities as the email that I will be sending will be plain text.
