Encode/Decode HTML

tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Encode/Decode HTML

Post by tecktalkcm0391 »

Hello,

I am having trouble figuring out which functions I should use to save HTML data to a database, and then retrieve it turning it back into HTML.

Thanks!
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: Encode/Decode HTML

Post by infolock »

I usually use serialize to store HTML in a table field. Others have their own methods too, though.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Encode/Decode HTML

Post by Eran »

why serialize HTML..? what does that achieve?

Basically if you trust the input, you can store HTML directly (just remember escaping it with the proper database functions). If it's user input and you need to protect against XSS attacks, you can use a filtering library such as HTML Purifier - http://htmlpurifier.org/
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: Encode/Decode HTML

Post by tecktalkcm0391 »

Okay, which functions are they to do the "to mysql" and "from mysql" commands, cause my HTML keeps getting messed up when it's saved.
Thanks for the htmlpurifier.org link.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Encode/Decode HTML

Post by Eran »

"cause my HTML keeps getting messed up when it's saved."
Can you elaborate on what "messed up" means in this context and also give code examples of how you insert / retrieve data from the database?
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: Encode/Decode HTML

Post by tecktalkcm0391 »

htmlentities is used to put the data in the database, and html_entity_decode is used before it's displayed in the FCKeditor.

If the HTML is

Code:

<strong>PAGE FAILED TO LOAD</strong>

I get back

Code:

<strong>PAGE&nbsp;FAILED&nbsp;TO&nbsp;LOAD</strong>

when it comes back from the database
AlanG
Forum Contributor
Posts: 136
Joined: Wed Jun 10, 2009 1:03 am

Re: Encode/Decode HTML

Post by AlanG »

Information in your database should be stored in a neutral manner and not biased towards a certain medium. Basically HTML is used for displaying information and shouldn't be stored along with the information, but rather the info should be encased in HTML only when it is being viewed by hypertext media (such as a browser).

serialize (and unserialize) are functions for transforming data types (such as an array or object) into a string, while still maintaining its structure. It's handy for storing arrays and objects in databases and files etc., but it has a lot of overhead. This function won't suit your needs in this case.

The htmlentities and html_entity_decode are what you need. Unfortunately a space is also converted to its HTML equivalent. May I suggest a str_replace function to solve that. :) A custom function would be ideal.

Code:

<?php
function html_encode($str) {
    $str = htmlentities($str);
    $str = str_replace('&nbsp;', ' ', $str); // Search for and replace all occurrences of &nbsp; with a single space

    return $str;
}
?>
Last edited by AlanG on Thu Aug 20, 2009 8:54 am, edited 1 time in total.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Encode/Decode HTML

Post by Eran »

What's the point of using htmlentities to store data in the database if you intend to decode it back? The database doesn't care. The only reason to use htmlentities prior to storing the HTML would be if it would be always outputted in that format and not as plain HTML.
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Encode/Decode HTML

Post by VladSun »

I agree with pytrin.
Escape your string by using a DB specific escape function (e.g. mysql_real_escape_string() ) and store it in the DB.
Later, you may (or may not) display it as HTML or as plain text (i.e. by using htmlentities() ) .
There are 10 types of people in this world, those who understand binary and those who don't
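
Added example, not part of the thread or any poster's code: the store-raw, encode-at-output approach Eran and VladSun describe, using PDO prepared statements in place of mysql_real_escape_string() for the database-side escaping. It assumes the pdo_sqlite extension, trusted input, and a hypothetical pages table with helper names save_page() and load_page(); the sample HTML is constructed.

```php
<?php
// Constructed setup: an in-memory SQLite database stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the HTML exactly as received; the bound parameter takes care of SQL quoting,
// so no HTML encoding is applied on the way in.
function save_page(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $html]);
    return (int) $pdo->lastInsertId();
}

// Fetch the stored HTML without decoding anything; it was never encoded.
function load_page(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException("No page with id $id");
    }
    return (string) $body;
}

// Constructed input: both quote styles plus a non-breaking space (U+00A0).
$html = "<strong title='it\"s'>PAGE FAILED\u{00A0}TO LOAD</strong>";
$id   = save_page($pdo, $html);
$back = load_page($pdo, $id);

// Compare the round trip byte for byte.
var_dump($back === $html);

// Output context 1: trusted markup rendered as HTML is emitted unchanged.
echo $back, "\n";

// Output context 2: shown as text (for example inside an editor's <textarea>),
// encoded once, at output time only.
echo htmlspecialchars($back, ENT_QUOTES, 'UTF-8'), "\n";

// Contrast: encoding before storage and again at output doubles every entity.
$stored_encoded = htmlentities($html, ENT_QUOTES, 'UTF-8');
echo htmlentities($stored_encoded, ENT_QUOTES, 'UTF-8'), "\n";
```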