htmlspecialchars to and from the database

superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

htmlspecialchars to and from the database

Post by superdezign »

On my blog, I have my posts set up with a raw content field and a parsed content field in the database. The raw content field is for editing, the parsed content field is already parsed as HTML. I'm having a problem, however, with HTML character codes that contain the pound sign. Standard characters such as ñ (&ntilde;) and þ (&thorn;) work fine. When they are submitted, they go to the database in their raw form, and are translated into their HTML character code equivalent in their parsed form. However, complex characters such as ★ (&#9733;) and ☆ (&#9734;) are saved in their HTML character code format, which causes htmlspecialchars() to parse the ampersand as a special character. For example, "&#9734;" becomes "&amp;#9734;", which displays as "&#9734;" instead of "☆".

Are there any suggestions for fixing this behavior? What is causing these character codes to be submitted into the database incorrectly?


EDIT: For now, I am combating this by using str_replace('&amp;#', '&#', htmlspecialchars($content)). I'd prefer a less hackish solution, though.
akuji36
Forum Contributor
Posts: 190
Joined: Tue Oct 14, 2008 9:53 am
Location: Hartford, Connecticut

Re: htmlspecialchars to and from the database

Post by akuji36 »

Take a look at the following video tutorial regarding regular expressions:

http://www.phpvideotutorials.com/regex/

It should help you out and address issues like strip slashes and magic quotes.

Rod
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: htmlspecialchars to and from the database

Post by Darhazer »

The definition of the function:

string htmlspecialchars ( string $string [, int $quote_style= ENT_COMPAT [, string $charset [, bool $double_encode= true ]]] )
Set the last parameter to false and the entities won't be encoded twice.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: htmlspecialchars to and from the database

Post by superdezign »

Ahh, I didn't know that double_encode had to do with that. Thank you. :D
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: htmlspecialchars to and from the database

Post by cpetercarter »

htmlspecialchars() will transform only the most common 'problem' characters. To encode all non-standard characters, you need to use htmlentities().

The 'double encoding' parameter only came in in PHP 5.2.3. If you have an earlier PHP version, you can prevent double encoding by first decoding the string, and then encoding it again.
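
The three behaviours discussed in this thread, side by side, as an added example that is not part of any post above. It assumes UTF-8 strings; the sample inputs and the function names are constructed for illustration.

```php
<?php
// Constructed sample inputs (not taken from the thread).
$samples = array(
    'Rated &#9733;&#9734; by ñ',         // already contains numeric entities
    '<script>alert(1)</script> & more',   // raw markup that must be escaped
    'Type &amp; to show an ampersand',    // user literally typed "&amp;"
);

// 1. Default call: every "&" is escaped, so entities that are already
//    present in the string get double-encoded.
function encode_default($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// 2. Fourth parameter ($double_encode) set to false, PHP >= 5.2.3:
//    existing entities are left alone, everything else is escaped.
function encode_once($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

// 3. Fallback for older PHP: decode entities back to raw characters,
//    then encode exactly once. Encoding is the last step, so markup
//    that was hidden behind entities is still escaped on output.
function decode_then_encode($s)
{
    $raw = html_entity_decode($s, ENT_QUOTES, 'UTF-8');
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

foreach ($samples as $s) {
    printf("input   : %s\n", $s);
    printf("default : %s\n", encode_default($s));
    printf("once    : %s\n", encode_once($s));
    printf("decoded : %s\n\n", decode_then_encode($s));
}
```

All three variants escape the raw `<script>` markup. Variants 2 and 3 also turn a literal "&amp;" typed by a user into a plain "&" on display, so they only suit fields where entities in the input are meant to be entities.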