How to have quotation marks in HTML input values [duplicate]

This question already has ans开发者_Go百科wers here: How do I properly escape quotes inside HTML attributes? (6 answers) Closed 8 years ago.

I have the following problem - from the server side I get a string like 'hoschi"brother'.

I want to put this string into a <input value"MYSTRING" />. This results in something like <input value"hoschi" brother" /> which obviously does not work.

Is there a workarounds for this?

Does escaping the " character with " work within the value tag?

---

Yes, using " works:

<input type="text" name="last_name" value="&quot;My quote!&quot;" />

---

does escaping the " character with " work within the value tag?

Yes. (This isn't a workaround though. It is how HTML is designed to work.)

Alternatively, if the value contains only single quotes or only double quotes, then you can use the other to delimit the attribute instead.

---

As it's a form field, folks will type anything they like in there which may or may not include a nice mixture of double and single quotes. Adding these to the database is easy, escape them with " / ' etc.

Nicely enough if you put " in the value clause of an input, it displays " on the screen as you want it to. Single quotes are a doddle, they can be as is if need be as their within doubles.