Encode/Decode HTML
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Encode/Decode HTML
Hello,
I am having trouble figuring out which functions I should use to save HTML data to a database, and then retrieve it turning it back into HTML.
Thanks!
Re: Encode/Decode HTML
I usually use serialize to store HTML in a table field. Others have their own methods too, though.
Re: Encode/Decode HTML
Why serialize HTML? What does that achieve?
Basically if you trust the input, you can store HTML directly (just remember escaping it with the proper database functions). If it's user input and you need to protect against XSS attacks, you can use a filtering library such as HTML Purifier - http://htmlpurifier.org/
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: Encode/Decode HTML
Okay, which functions are they to do the "to mysql" and "from mysql" commands, cause my HTML keeps getting messed up when it's saved.
Thanks for the htmlpurifier.org link.
Re: Encode/Decode HTML
"cause my HTML keeps getting messed up when it's saved."
Can you elaborate on what "messed up" means in this context and also give code examples of how you insert / retrieve data from the database?
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: Encode/Decode HTML
htmlentities is used to put the data in the database, and html_entity_decode is used before it's displayed in the FCKeditor.
If the HTML is
Code: Select all
<strong>PAGE FAILED TO LOAD</strong>
I get back
Code: Select all
<strong>PAGE FAILED TO LOAD</strong>
when it comes back from the database
Re: Encode/Decode HTML
Information in your database should be stored in a neutral manner and not biased towards a certain medium. Basically HTML is used for displaying information and shouldn't be stored along with the information, but rather the info should be encased in HTML only when it is being viewed by hypertext media (such as a browser).
serialize (and unserialize) are functions for transforming data types (such as an array or object) into a string, while still maintaining its structure. It's handy for storing arrays and objects in databases and files etc., but it has a lot of overhead. This function won't suit your needs in this case.
The htmlentities and html_entity_decode are what you need. Unfortunately a space is also converted to its HTML equivalent. May I suggest a str_replace function to solve that.
A custom function would be ideal.
Code: Select all
<?php
function html_encode($str) {
    // Convert every character that has an HTML entity into that entity
    $str = htmlentities($str);
    $str = str_replace('&nbsp;', ' ', $str); // Search for and replace all occurrences of &nbsp; with a single space
    return $str;
}
?>
Last edited by AlanG on Thu Aug 20, 2009 8:54 am, edited 1 time in total.
Re: Encode/Decode HTML
What's the point of using htmlentities to store data in the database if you intend to decode it back? The database doesn't care. The only reason to use htmlentities prior to storing the HTML would be if it would be always outputted in that format and not as plain HTML.
Re: Encode/Decode HTML
I agree with pytrin.
Escape your string by using a DB-specific escape function (e.g. mysql_real_escape_string()) and store it in the DB.
Later, you may (or may not) display it as HTML or as plain text (i.e. by using htmlentities()).
There are 10 types of people in this world, those who understand binary and those who don't
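The approach the last replies describe, as an added example that is not part of the thread: the HTML is stored unchanged through a bound parameter (used here in place of mysql_real_escape_string(), which was removed in PHP 7) and is entity-encoded only when it has to be shown as text. The `pages` table, the function names and the sample string are assumptions, and SQLite in memory stands in for MySQL.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.
// SQLite in memory keeps it self-contained; the same PDO calls work with MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the markup exactly as received. The bound parameter handles the
// database-level escaping; there is no htmlentities() on the way in.
function save_page(PDO $db, string $html): int {
    $stmt = $db->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $html]);
    return (int) $db->lastInsertId();
}

function load_page(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException("no page with id $id");
    }
    return $body;
}

// Encode only at output time, and only for contexts that must show the
// markup as text (a <textarea> value, a "view source" panel).
function as_text(string $html): string {
    return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: the markup from the thread plus quotes and an
// apostrophe that would break a hand-built SQL string.
$input = '<strong class="err">PAGE FAILED TO LOAD</strong> it\'s "down"';
$id = save_page($db, $input);
$stored = load_page($db, $id);

var_dump($stored === $input);        // compares the stored bytes with the input
// HTML context: emitted as markup. Only for trusted input; user-supplied
// HTML goes through a filter such as HTML Purifier first.
echo $stored, "\n";
echo as_text($stored), "\n";         // text context: markup displayed literally
// Encoding before storage and again at output double-encodes the entities,
// one way a page ends up mangled:
echo as_text(as_text($input)), "\n";
```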