Display problem using htmlentities() function

phazorRise
Forum Contributor
Posts: 134
Joined: Mon Dec 27, 2010 7:58 am

Re: Display problem using htmlentities() function

Post by phazorRise »

Magic quotes are turned on in your php.ini. Either turn them off or use:

Code:

echo stripslashes($name_entity);

Why is the output not the same of the input when using htmlentities()

htmlentities() does its job successfully. Slashes are added by the PHP runtime when the form is submitted. htmlentities() is not designed to remove slashes.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Display problem using htmlentities() function

Post by social_experiment »

Use htmlentities() with the ENT_QUOTES flag: htmlentities($value, ENT_QUOTES). This will convert both single and double quotation marks.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Display problem using htmlentities() function

Post by social_experiment »

1skazi wrote: I think no flags of htmlentities() are needed to use to display user input because it is not essential to convert any quotation mark ( either single or double ) to output user's exact input. Only needed to convert HTML tags into entities.

Double and single quotes are characters with HTML-safe equivalents; the primary function of htmlentities() is to convert any character that has an HTML-safe equivalent to said equivalent: < to &lt; or > to &gt; etc.
phazorRise
Forum Contributor
Posts: 134
Joined: Mon Dec 27, 2010 7:58 am

Re: Display problem using htmlentities() function

Post by phazorRise »

As stated by social_experiment, use ENT_QUOTES.
It's good practice to convert both single and double quotes while cleaning user input.
phphelpme
Forum Contributor
Posts: 261
Joined: Sun Nov 21, 2010 3:32 pm

Re: Display problem using htmlentities() function

Post by phphelpme »

That's very good advice, phazorRise,

I will personally be taking that on board.

Best wishes
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Display problem using htmlentities() function

Post by social_experiment »

1skazi wrote: I think no flags of htmlentities() are needed to use to display user input because it is not essential to convert any quotation mark ( either single or double ) to output user's exact input.

Correct, I looked at htmlentities() and by default " is converted to &quot; which is what you want, but you can still use ' to create a cross-site scripting attack, which makes converting anything that might help a malicious user a good thing ;) Remember that the magic quotes option is deprecated (as of PHP 5.3.0) and though it works on the server you use now, it might not in the future.
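The thread's two points side by side (slashes left in by magic quotes, and ENT_COMPAT versus ENT_QUOTES), as an added example that is not code from any of the posters. The sample input is constructed, `clean_for_html()` and `safe_in_attribute()` are hypothetical helper names, and magic quotes are emulated with addslashes() because the setting no longer exists in current PHP.

```php
<?php
// Constructed sample: what a user typed into the name field.
$typed = "O'Reilly \"Tim\" <b>";

// magic_quotes_gpc behaved like addslashes() on request data. The setting was
// removed in PHP 5.4, so it is emulated here to reproduce the thread's symptom.
$received = addslashes($typed);

// Hypothetical helper: strip the slashes only if the runtime added them,
// then encode <, >, &, " and ' for HTML output.
function clean_for_html(string $value, bool $slashesAdded): string
{
    if ($slashesAdded) {
        $value = stripslashes($value);
    }
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: true if the encoded value contains no raw quote, so it
// cannot end a single-quoted or double-quoted attribute early.
function safe_in_attribute(string $encoded): bool
{
    return strpbrk($encoded, "'\"") === false;
}

$cases = [
    // Slashes left in: the quotes are encoded but the backslashes are displayed.
    'slashes kept, ENT_QUOTES'  => htmlentities($received, ENT_QUOTES, 'UTF-8'),
    // ENT_COMPAT was the default before PHP 8.1: " is encoded, ' is not.
    'ENT_COMPAT'                => htmlentities($typed, ENT_COMPAT, 'UTF-8'),
    // stripslashes() first, then ENT_QUOTES.
    'stripslashes + ENT_QUOTES' => clean_for_html($received, true),
];

foreach ($cases as $label => $encoded) {
    printf(
        "%-26s %-45s attribute-safe: %s\n",
        $label,
        $encoded,
        safe_in_attribute($encoded) ? 'yes' : 'no'
    );
    // The value as it would appear inside a single-quoted attribute.
    echo "    <input name='name' value='{$encoded}'>\n";
}
```

Since PHP 8.1 the default flags of htmlentities() already include ENT_QUOTES, so the second case only appears on older versions or when ENT_COMPAT is passed explicitly.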