Page 1 of 1
Help with htmlentities
Posted: Sat Jun 25, 2005 6:39 am
by raghavan20
Hi, I am building a bloggin site.
1. If someone wants to create a post with the text having new line characters and extra spaces how can I preserve them?
I thought htmlentities would do that for me so when I store the post in the db, I use the htmlentities function on the variable and store it in the db. But when I read from the db the new line characters are not preserved.
2. If I wanted to add bold effect to a particular chunk of text, I normally write as "<b>the text goes here</b>". But when I use htmlentities() and store it in the db and when I read back the same thing("<b>the text goes here</b>". ) displays instead of the effect.
Could any of you help with me basic text format handling?
Posted: Sat Jun 25, 2005 8:52 am
by dethron
Posted: Sat Jun 25, 2005 2:04 pm
by Ambush Commander
Although get any more complicated than that, and you'll probably will want a real, stack-based parser.
Posted: Sat Jun 25, 2005 5:46 pm
by raghavan20
nl2br() works as I wanted to , it preserves the new lines.
hi dethron, I dont understand why you referred to look at 'preg-replace'? Could you tell me in which way it could help me?
Now, I couldnot understand the use of htmlentities and htmlspecialchars. I mean I can understand their functionalities but where they should be used?
Anyone can give me instances where they shd be used?
In a normal registration form, what are the various text functions that shd be used with every text field like firstname, lastname...
Do advice.
Posted: Sat Jun 25, 2005 6:01 pm
by Chris Corbyn
preg_replace() could simply be used to do *more* than just using nl2br(). For example, converting tabs to spaces since they wont display in HTML output...
htmlspecialchars() and htmlentities() are mainly used to prevent people from sending raw HTML through forms etc... It just means that the code is displayed by using entities rather than screwing your layouts up, among other things.
Hope that helps

Posted: Sat Jun 25, 2005 6:01 pm
by Ambush Commander
Actually, a resource that would list all common "fields" and good validation techniques for them would be pretty welcome. Sometimes, however, it's your judgement call. For instance, it's a good idea to Whitelist rather than blacklist.
First name, for example. Obviously, [a-zA-Z] are allowed. Some firstnames may also have [&'- ].
Posted: Sat Jun 25, 2005 6:05 pm
by Chris Corbyn
Ambush Commander wrote:Actually, a resource that would list all common "fields" and good validation techniques for them would be pretty welcome.
There's surely a class for this? If not, it's time to make one.
$validator->isValidEmail($address); type thing?
Posted: Sat Jun 25, 2005 6:11 pm
by raghavan20
which one is effective strip_tags or htmlentities?
I think if I wanted to retain <b> and <i> then I shd be using strip_tags...am I right?
This is what I wanted to do...
1. Strip all other tags except <b><i>
2. Retain all tabs and new lines
for the above, what are the funtions shd I use and in which order?
Posted: Sat Jun 25, 2005 6:35 pm
by Chris Corbyn
Hmmm... strip_tags() can be given a list of tags to exclude so I go with that.
Next use nl2br() to generate HTML linebreaks.
As far keeping tabs in tact... gimme 5 mins to modify a tab->space converter I wrote so that it outputs entities instead of spaces... (works better than the thing highlight_string() attempts to use by the way -- getting used in an editor I'm *half* working on)...
Posted: Sat Jun 25, 2005 6:48 pm
by Chris Corbyn
Code: Select all
<?php
/*
tabs2spaces() function written by d11wtq
Converts text containing tab characters into space characters only
-- whilst perfectly maintaining the formatting.
Use:
tabs2spaces(string source ї, bool entity-output ї, int tab-size]])
Last revised: 26th june 2005
*/
function tabs2spaces($source, $ents=false, $s=4) {
$space = ($ents)? '&nbsp;' : ' '; //Space or entity?
$lines = explode("e;\n"e;, $source); //Array of lines
$mod = array();
foreach ($lines as $l) {
while (false !== $pos = strpos($l, "e;\t"e;)) { //Remember position 0 equates to false!
$i = substr($l, 0, $pos);
$t = str_repeat($space, ($s - $pos % $s)); //Width of the tab
$e = substr($l, $pos+1);
$l = $i.$t.$e; //Rebuild the line
} //End while
$modї] = $l;
} //End foreach
$source = implode("e;\n"e;, $mod);
return $source;
} // tabs2spaces()
?>
You'll need to set the second paramter to true in order to get your tabs to display...
Code: Select all
include('tabs2spaces.function.php');
$source = 'Yadda yadda yadda'; //Has three tabs in it
$new = tabs2spaces($source, 1); // Yadda&nbsp;&nbsp;&nbsp;&nbsp;yadda&nbsp;&nbsp;yadda (uses the correct spacing)
Posted: Sun Jun 26, 2005 3:28 am
by raghavan20
Thats really a good function mate and I will use this one in my application.
I jus wanna confirm a few things.
So shall I start with,
1. tabs2spaces()
2. nl2br()
3. striptags($source,'<br><b><i>')
I hope using these functions would strip off all the malicious tags while preserving basic text formatting tags.
I have got one doubt.
1. Whether would be removed by htmlentities() or strip_tags() or htmlspecialchars()?
Can anyone suggest me how to look at the code of in-built function in php?
Anyway, thank you very much all of you for your continued efforts and special thanks to the 'd11wtq', the moderator for supporting open source with gd functions like the tabs2spaces().