Help with htmlentities

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Help with htmlentities

Post by raghavan20 »

Hi, I am building a bloggin site.

1. If someone wants to create a post with the text having new line characters and extra spaces how can I preserve them?

I thought htmlentities would do that for me so when I store the post in the db, I use the htmlentities function on the variable and store it in the db. But when I read from the db the new line characters are not preserved.

2. If I wanted to add bold effect to a particular chunk of text, I normally write as "<b>the text goes here</b>". But when I use htmlentities() and store it in the db and when I read back the same thing("<b>the text goes here</b>". ) displays instead of the effect.

Could any of you help with me basic text format handling?
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Although get any more complicated than that, and you'll probably will want a real, stack-based parser.
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

nl2br() works as I wanted to , it preserves the new lines.

hi dethron, I dont understand why you referred to look at 'preg-replace'? Could you tell me in which way it could help me?

Now, I couldnot understand the use of htmlentities and htmlspecialchars. I mean I can understand their functionalities but where they should be used?
Anyone can give me instances where they shd be used?

In a normal registration form, what are the various text functions that shd be used with every text field like firstname, lastname...

Do advice.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

preg_replace() could simply be used to do *more* than just using nl2br(). For example, converting tabs to spaces since they wont display in HTML output...

htmlspecialchars() and htmlentities() are mainly used to prevent people from sending raw HTML through forms etc... It just means that the code is displayed by using entities rather than screwing your layouts up, among other things.

Hope that helps :)
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Actually, a resource that would list all common "fields" and good validation techniques for them would be pretty welcome. Sometimes, however, it's your judgement call. For instance, it's a good idea to Whitelist rather than blacklist.

First name, for example. Obviously, [a-zA-Z] are allowed. Some firstnames may also have [&'- ].
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Ambush Commander wrote:Actually, a resource that would list all common "fields" and good validation techniques for them would be pretty welcome.
There's surely a class for this? If not, it's time to make one.

$validator->isValidEmail($address); type thing?
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

which one is effective strip_tags or htmlentities?

I think if I wanted to retain <b> and <i> then I shd be using strip_tags...am I right?

This is what I wanted to do...
1. Strip all other tags except <b><i>
2. Retain all tabs and new lines

for the above, what are the funtions shd I use and in which order?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Hmmm... strip_tags() can be given a list of tags to exclude so I go with that.
Next use nl2br() to generate HTML linebreaks.

As far keeping tabs in tact... gimme 5 mins to modify a tab->space converter I wrote so that it outputs entities instead of spaces... (works better than the thing highlight_string() attempts to use by the way -- getting used in an editor I'm *half* working on)...
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Code: Select all

&lt;?php

/*
 tabs2spaces() function written by d11wtq
 Converts text containing tab characters into space characters only
 -- whilst perfectly maintaining the formatting.
 
 Use:
 	tabs2spaces(string source &#1111;, bool entity-output &#1111;, int tab-size]])
 
 Last revised: 26th june 2005
 */

function tabs2spaces($source, $ents=false, $s=4) {

	$space = ($ents)? '&amp;nbsp;' : ' '; //Space or entity?
	
	$lines = explode(&quote;\n&quote;, $source); //Array of lines
	$mod = array();
	
	foreach ($lines as $l) {
		
		while (false !== $pos = strpos($l, &quote;\t&quote;)) { //Remember position 0 equates to false!
			
			$i = substr($l, 0, $pos);
			$t = str_repeat($space, ($s - $pos % $s)); //Width of the tab
			$e = substr($l, $pos+1);
			$l = $i.$t.$e; //Rebuild the line
			
		} //End while
		
		$mod&#1111;] = $l;
		
	} //End foreach
	
	$source = implode(&quote;\n&quote;, $mod);
	
	return $source;
	
} // tabs2spaces()

?&gt;
You'll need to set the second paramter to true in order to get your tabs to display...

Code: Select all

include('tabs2spaces.function.php');

$source = 'Yadda	yadda	yadda'; //Has three tabs in it

$new = tabs2spaces($source, 1); // Yadda&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;yadda&amp;nbsp;&amp;nbsp;yadda (uses the correct spacing)
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

Thats really a good function mate and I will use this one in my application.

I jus wanna confirm a few things.

So shall I start with,
1. tabs2spaces()
2. nl2br()
3. striptags($source,'<br><b><i>')

I hope using these functions would strip off all the malicious tags while preserving basic text formatting tags.


I have got one doubt.
1. Whether &nbsp; would be removed by htmlentities() or strip_tags() or htmlspecialchars()?

Can anyone suggest me how to look at the code of in-built function in php?

Anyway, thank you very much all of you for your continued efforts and special thanks to the 'd11wtq', the moderator for supporting open source with gd functions like the tabs2spaces().
Post Reply