Help with htmlentities
Moderator: General Moderators
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
Help with htmlentities
Hi, I am building a bloggin site.
1. If someone wants to create a post with the text having new line characters and extra spaces how can I preserve them?
I thought htmlentities would do that for me so when I store the post in the db, I use the htmlentities function on the variable and store it in the db. But when I read from the db the new line characters are not preserved.
2. If I wanted to add bold effect to a particular chunk of text, I normally write as "<b>the text goes here</b>". But when I use htmlentities() and store it in the db and when I read back the same thing("<b>the text goes here</b>". ) displays instead of the effect.
Could any of you help with me basic text format handling?
1. If someone wants to create a post with the text having new line characters and extra spaces how can I preserve them?
I thought htmlentities would do that for me so when I store the post in the db, I use the htmlentities function on the variable and store it in the db. But when I read from the db the new line characters are not preserved.
2. If I wanted to add bold effect to a particular chunk of text, I normally write as "<b>the text goes here</b>". But when I use htmlentities() and store it in the db and when I read back the same thing("<b>the text goes here</b>". ) displays instead of the effect.
Could any of you help with me basic text format handling?
Manual Manual Manual. -Napoleon Bonaparte
http://www.php.net/manual/en/function.nl2br.php
http://www.php.net/manual/en/function.preg-replace.php
http://www.php.net/manual/en/function.nl2br.php
http://www.php.net/manual/en/function.preg-replace.php
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
nl2br() works as I wanted to , it preserves the new lines.
hi dethron, I dont understand why you referred to look at 'preg-replace'? Could you tell me in which way it could help me?
Now, I couldnot understand the use of htmlentities and htmlspecialchars. I mean I can understand their functionalities but where they should be used?
Anyone can give me instances where they shd be used?
In a normal registration form, what are the various text functions that shd be used with every text field like firstname, lastname...
Do advice.
hi dethron, I dont understand why you referred to look at 'preg-replace'? Could you tell me in which way it could help me?
Now, I couldnot understand the use of htmlentities and htmlspecialchars. I mean I can understand their functionalities but where they should be used?
Anyone can give me instances where they shd be used?
In a normal registration form, what are the various text functions that shd be used with every text field like firstname, lastname...
Do advice.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
preg_replace() could simply be used to do *more* than just using nl2br(). For example, converting tabs to spaces since they wont display in HTML output...
htmlspecialchars() and htmlentities() are mainly used to prevent people from sending raw HTML through forms etc... It just means that the code is displayed by using entities rather than screwing your layouts up, among other things.
Hope that helps
htmlspecialchars() and htmlentities() are mainly used to prevent people from sending raw HTML through forms etc... It just means that the code is displayed by using entities rather than screwing your layouts up, among other things.
Hope that helps
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Actually, a resource that would list all common "fields" and good validation techniques for them would be pretty welcome. Sometimes, however, it's your judgement call. For instance, it's a good idea to Whitelist rather than blacklist.
First name, for example. Obviously, [a-zA-Z] are allowed. Some firstnames may also have [&'- ].
First name, for example. Obviously, [a-zA-Z] are allowed. Some firstnames may also have [&'- ].
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
which one is effective strip_tags or htmlentities?
I think if I wanted to retain <b> and <i> then I shd be using strip_tags...am I right?
This is what I wanted to do...
1. Strip all other tags except <b><i>
2. Retain all tabs and new lines
for the above, what are the funtions shd I use and in which order?
I think if I wanted to retain <b> and <i> then I shd be using strip_tags...am I right?
This is what I wanted to do...
1. Strip all other tags except <b><i>
2. Retain all tabs and new lines
for the above, what are the funtions shd I use and in which order?
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Hmmm... strip_tags() can be given a list of tags to exclude so I go with that.
Next use nl2br() to generate HTML linebreaks.
As far keeping tabs in tact... gimme 5 mins to modify a tab->space converter I wrote so that it outputs entities instead of spaces... (works better than the thing highlight_string() attempts to use by the way -- getting used in an editor I'm *half* working on)...
Next use nl2br() to generate HTML linebreaks.
As far keeping tabs in tact... gimme 5 mins to modify a tab->space converter I wrote so that it outputs entities instead of spaces... (works better than the thing highlight_string() attempts to use by the way -- getting used in an editor I'm *half* working on)...
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Code: Select all
<?php
/*
tabs2spaces() function written by d11wtq
Converts text containing tab characters into space characters only
-- whilst perfectly maintaining the formatting.
Use:
tabs2spaces(string source ї, bool entity-output ї, int tab-size]])
Last revised: 26th june 2005
*/
function tabs2spaces($source, $ents=false, $s=4) {
$space = ($ents)? '&nbsp;' : ' '; //Space or entity?
$lines = explode("e;\n"e;, $source); //Array of lines
$mod = array();
foreach ($lines as $l) {
while (false !== $pos = strpos($l, "e;\t"e;)) { //Remember position 0 equates to false!
$i = substr($l, 0, $pos);
$t = str_repeat($space, ($s - $pos % $s)); //Width of the tab
$e = substr($l, $pos+1);
$l = $i.$t.$e; //Rebuild the line
} //End while
$modї] = $l;
} //End foreach
$source = implode("e;\n"e;, $mod);
return $source;
} // tabs2spaces()
?>Code: Select all
include('tabs2spaces.function.php');
$source = 'Yadda yadda yadda'; //Has three tabs in it
$new = tabs2spaces($source, 1); // Yadda&nbsp;&nbsp;&nbsp;&nbsp;yadda&nbsp;&nbsp;yadda (uses the correct spacing)- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
Thats really a good function mate and I will use this one in my application.
I jus wanna confirm a few things.
So shall I start with,
1. tabs2spaces()
2. nl2br()
3. striptags($source,'<br><b><i>')
I hope using these functions would strip off all the malicious tags while preserving basic text formatting tags.
I have got one doubt.
1. Whether would be removed by htmlentities() or strip_tags() or htmlspecialchars()?
Can anyone suggest me how to look at the code of in-built function in php?
Anyway, thank you very much all of you for your continued efforts and special thanks to the 'd11wtq', the moderator for supporting open source with gd functions like the tabs2spaces().
I jus wanna confirm a few things.
So shall I start with,
1. tabs2spaces()
2. nl2br()
3. striptags($source,'<br><b><i>')
I hope using these functions would strip off all the malicious tags while preserving basic text formatting tags.
I have got one doubt.
1. Whether would be removed by htmlentities() or strip_tags() or htmlspecialchars()?
Can anyone suggest me how to look at the code of in-built function in php?
Anyway, thank you very much all of you for your continued efforts and special thanks to the 'd11wtq', the moderator for supporting open source with gd functions like the tabs2spaces().