0

My PHP variable 'contractorcompany' usually has spaces in its value but when I try to use the value in a form it breaks at the space.

PHP

<?php

include "msbkeys.php";

if (isset($_POST['editcontractor']))
{
    $contractorid = $_POST['contractorid'];
    $contractorfirstname = $_POST['contractorfirstname'];
    $contractorlastname = $_POST['contractorlastname'];
    $contractorcompany = $_POST['contractorcompany'];
    $contractoremail = $_POST['contractoremail'];
    $contractorphone = $_POST['contractorphone'];
    echo "$contractorcompany";
    echo "<form method='POST'>
  <input type='hidden' name='contractorid' value=" .$contractorid.  ">
  First name: <input type='text' name='firstname' value=" .$contractorfirstname. ">
  <br/>
  Last name: <input type='text' name='lastname' value=" .$contractorlastname. ">
  <br/>
  Company: <input type='text' name='company' value='".$contractorcompany."'>
  <br/>
  Email: <input type='text' name='email' value=" .$contractoremail. ">
  <br/>
  Phone: <input type='text' name='phone' value=" .$contractorphone. ">
  <br/>
  <input type='submit' name='updatecontractor' value='Submit'>
</form>";
}
mysqli_close($db); // Close connection

?>

When this value is for example 'Grant Grouting', it breaks as per line 6 below.

<form method="post">
  <input type="hidden" name="contractorid" value="3">
  <input type="hidden" name="contractorfirstname" value="Tom">
  <input type="hidden" name="contractorlastname" value="Grant">
  <input type="hidden" name="contractoremail" value="tomgrant@grouting.com">
  <input type="hidden" name="contractorcompany" value="Grant" grouting>
  <input type="hidden" name="contractorphone" value="">
  <input name="editcontractor" type="submit" value="Edit this contractor">
</form>

I've tried every combination of quotation marks around the variable but am still not getting the full string passed through the form.

Dharman
  • Replace `" .$contractorphone. "` by `'" . htmlspecialchars($contractorphone, ENT_QUOTES) . "'` or `\"" . htmlspecialchars($contractorphone) . "\"` (same for the others) – julp Jun 02 '21 at 22:15

2 Answers

0

You just missed the quotes for the values:

<?php

include "msbkeys.php";

if (isset($_POST['editcontractor']))
{
    $contractorid = $_POST['contractorid'];
    $contractorfirstname = $_POST['contractorfirstname'];
    $contractorlastname = $_POST['contractorlastname'];
    $contractorcompany = $_POST['contractorcompany'];
    $contractoremail = $_POST['contractoremail'];
    $contractorphone = $_POST['contractorphone'];
    echo "$contractorcompany";
    echo "<form method='POST'>
  <input type='hidden' name='contractorid' value='" .$contractorid.  "'>
  First name: <input type='text' name='firstname' value='" .$contractorfirstname. "'>
  <br/>
  Last name: <input type='text' name='lastname' value='" .$contractorlastname. "'>
  <br/>
  Company: <input type='text' name='company' value='".$contractorcompany."'>
  <br/>
  Email: <input type='text' name='email' value='" .$contractoremail. "'>
  <br/>
  Phone: <input type='text' name='phone' value='" .$contractorphone. "'>
  <br/>
  <input type='submit' name='updatecontractor' value='Submit'>
</form>";
}
mysqli_close($db); // Close connection

?>

Yair I
  • I've now realised that I had used incorrect quote marks in the other form that passes the data to this one. Problem now solved by changing `` to `` Thank you everyone. – Tom Mitchell Jun 02 '21 at 22:29
  • If this answer helped you, please mark it as the answer – Yair I Jun 02 '21 at 22:33
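
An added example, not code from either answer or the asker: the quoting fix above combined with the `htmlspecialchars` escaping suggested in julp's comment, so a value containing spaces, quotes or markup stays inside its attribute instead of being echoed raw from `$_POST`. The helper names `post_string`, `input_field` and `contractor_form` and the sample array are constructed for illustration; the field names are the ones from the question.

```php
<?php
// Added example: names below other than the form fields are hypothetical.

/** Return $post[$key] only if it is a string (name[]=... arrives as an array). */
function post_string(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
}

/** Render one <input>; every attribute value is escaped and double-quoted. */
function input_field(string $type, string $name, string $value): string
{
    // ENT_QUOTES also escapes ', which the pre-8.1 default (ENT_COMPAT) does not.
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return sprintf('<input type="%s" name="%s" value="%s">',
        $esc($type), $esc($name), $esc($value));
}

/** Build the edit form from an array shaped like $_POST in the question. */
function contractor_form(array $post): string
{
    // Label => [form field name, key in the incoming POST data].
    $fields = [
        'First name' => ['firstname', 'contractorfirstname'],
        'Last name'  => ['lastname',  'contractorlastname'],
        'Company'    => ['company',   'contractorcompany'],
        'Email'      => ['email',     'contractoremail'],
        'Phone'      => ['phone',     'contractorphone'],
    ];
    $html = "<form method=\"POST\">\n"
        . input_field('hidden', 'contractorid', post_string($post, 'contractorid')) . "\n";
    foreach ($fields as $label => [$name, $key]) {
        $html .= $label . ': ' . input_field('text', $name, post_string($post, $key)) . "\n<br/>\n";
    }
    return $html . input_field('submit', 'updatecontractor', 'Submit') . "\n</form>\n";
}

// Constructed sample input: a space, a single quote and markup characters.
$sample = [
    'contractorid'        => '3',
    'contractorfirstname' => 'Tom',
    'contractorlastname'  => "O'Grant",
    'contractorcompany'   => 'Grant Grouting',
    'contractorphone'     => '"><b>x</b>',
];
echo contractor_form($sample);   // contractoremail is absent: renders value=""
```

In the script from the question, the call would be `echo contractor_form($_POST);` inside the `isset($_POST['editcontractor'])` branch.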
-1

Try to sanitize the output with addslashes for example.

tres.14159