Youtube Embed code stored in database not appearing in HTML Form

Question

I have an UPDATE php page to edit a websites database that contains Youtube's embed code which then gets properly displayed when the table is called. On the update page im calling the same portion of the database to be able to change/edit the embed code but it is not displaying the original complete code only <iframe width= in the form.

<html>
<?
if (isset($_POST['update'])) {
?>

  <form method="post">
      Submitter: <input type="text" name="submitter" value="<?= $video['submitter'] ?>" /> <br />
      Video Title: <input type="text" name="videoTitle" value="<?= $video['videoTitle'] ?>" /> <br />
      Channel Name: <input type="text" name="channelName" value="<?= $video['channelName'] ?>" /> <br />
      Video Link: <input type="text" name="videoLink" value="<?= $video['videoLink'] ?>" /> <br />
      <input type="hidden" name="videoId" value="<?= $video['videoId'] ?>" />
      <input type="submit" value="Save" name="save" />  
  </form>

<?
  }//endIf
?>
</html>

Answer 1

You have to use htmlentities to convert the quotes to HTML entities.

$str = htmlentities($str);

http://php.net/manual/en/function.htmlentities.php

Use it like this:

  <form method="post">
      Submitter: <input type="text" name="submitter" value="<?= $video['submitter'] ?>" /> <br />
      Video Title: <input type="text" name="videoTitle" value="<?= $video['videoTitle'] ?>" /> <br />
      Channel Name: <input type="text" name="channelName" value="<?= $video['channelName'] ?>" /> <br />
      Video Link: <input type="text" name="videoLink" value="<?= htmlentities($video['videoLink']) ?>" /> <br />
      <input type="hidden" name="videoId" value="<?= $video['videoId'] ?>" />
      <input type="submit" value="Save" name="save" />  
  </form>

Also if you are going to be saving this data into a database be sure to call html_entity_decode on the data being sent by the form before saving it to the database.