PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have tried every conceivable way to make this function work. It's getting old and I just don't understand what the problem can be.
My input is "<<<<>>>>". And after running the variable through htmlspecialchars() I still get "<<<<>>>>". Has this function been deprecated, or what am I missing???
Here is my code:
<?php
$myinput = "<<<<>>>>";
echo "this is my input: " . $myinput . " before the function";
echo "<br/><br/> this is my output after the function is run: " . check_input($myinput);
echo "<br/><br/> But if i run htmlspecialchars() on my input variable I get this: " . htmlspecialchars($myinput);

// Encodes <, >, & and " as HTML entities. The returned string is still text,
// so the browser renders it as the original characters instead of as markup.
function check_input($data)
{
    $data = htmlspecialchars($data);
    return $data;
}
?>
This function's main purpose is to protect from basic HTML injection through forms or other input. When you use it on a variable, it will neutralise its content and format it as text that the browser will understand but not execute. I recommend you to use it each time you are taking data from visitors.
cc4digital wrote: I have tried every conceivable way to make this function work. It's getting old and I just don't understand what the problem can be?
htmlspecialchars() converts the HTML-unsafe characters to HTML-safe characters. Your function is working; the point you are missing is that the browser is now displaying an HTML-safe version of > and < (&gt; and &lt; respectively). The function (htmlspecialchars()) doesn't remove / eliminate special characters but converts them.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
It is &gt;&gt;&lt;&lt;. The difference is that your browser displays &gt; as > and &lt; as <. It's easier to see the difference if you try using real input like <strong>Testing</strong>.
With htmlspecialchars, you will see:
<strong>Testing</strong>
Without it, you will see: Testing (in bold)
If you want to see the entity codes yourself, right-click the page and View Source. You'll see it there. If you want it to actually display the entity codes to you, then you need to run htmlspecialchars again.
Let's take the test string "<<>>" and run it through htmlspecialchars. echo htmlspecialchars('<<>>'); will output "&lt;&lt;&gt;&gt;", which will display in your browser as "<<>>".
Then, if you run it through again, echo htmlspecialchars('&lt;&lt;&gt;&gt;'); will output "&amp;lt;&amp;lt;&amp;gt;&amp;gt;", which will display in your browser as "&lt;&lt;&gt;&gt;".
So, echo htmlspecialchars(htmlspecialchars('<<>>')); will show "&lt;&lt;&gt;&gt;" in your browser.
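The following script is an added example, not code posted in this thread. It illustrates both the earlier advice to run htmlspecialchars() on everything taken from visitors and the double-encoding walk-through just above: for each constructed input it prints what View Source would contain after one and two passes, and what the browser would display for each (approximated with htmlspecialchars_decode()). The helper names encode_for_html and as_browser_shows and all sample strings are assumptions made here.

```php
<?php
// Added example, not code from the original thread. Helper names
// (encode_for_html, as_browser_shows) and all inputs are constructed here.
declare(strict_types=1);

// Encode untrusted text before placing it in HTML. ENT_QUOTES also escapes
// single quotes (needed inside attribute values), ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string, and the explicit
// charset avoids depending on the default_charset ini setting.
function encode_for_html(string $data, bool $doubleEncode = true): string
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8', $doubleEncode);
}

// Approximate what the browser renders from encoded markup: each entity
// becomes its character again. This is why the page looks "unchanged".
function as_browser_shows(string $encoded): string
{
    return htmlspecialchars_decode($encoded, ENT_QUOTES | ENT_HTML5);
}

$samples = [
    '<<<<>>>>',                     // the input from the question
    '<strong>Testing</strong>',     // tags become visible text instead of bold
    "O'Reilly said \"hi\" & left",  // quotes and an ampersand
];

foreach ($samples as $input) {
    $once  = encode_for_html($input);
    $twice = encode_for_html($once);  // second pass encodes the '&' of every entity

    echo "input         : $input\n";
    echo "source, once  : $once\n";   // what View Source shows
    echo "browser, once : " . as_browser_shows($once) . "\n";
    echo "source, twice : $twice\n";
    echo "browser, twice: " . as_browser_shows($twice) . "\n\n";
}

// When the input may already contain entities (for example data that was
// stored encoded), double_encode=false leaves them intact instead of
// escaping their '&' a second time.
$stored = '&lt;b&gt;';
echo "double_encode=true : " . encode_for_html($stored) . "\n";
echo "double_encode=false: " . encode_for_html($stored, false) . "\n";
```

Run it from the command line with php and compare the "source" and "browser" lines: the first pass is the one that stops injected tags from being interpreted, and the second pass only makes the entities themselves visible. Note that htmlspecialchars() is the right tool for HTML text and quoted attribute values only; text placed inside a script block or a URL needs the encoding appropriate to that context.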