I used an ID to get around the problem somewhat also.
//Data $_GET['quote'] ( reply )
if ($getReply = $db->prepare ('SELECT `postContent`, `postCreator`, FROM `posts` WHERE (`postID` = ?)') ) {
$getReply->bind_param('i', $_GET['quote']);
$getReply->execute();
$getReply->store_result();
if ($getReply->num_rows() > 0) {
$getReply->bind_result($postContent, $postCreator);
$getReply->fetch();
}
$getReply->free_result();
$getReply->close();
}
$value = '';
if (isset ($postContent) && isset ($postCreator)) {
$value = '[\quote='.$postCreator.'\]'.$postContent.'[/quote\]'; // \ because it likes to inject the BBCode of this forum into it.
}
<textarea><?php echo $value; ?></textarea>
Something to that effect.