htmlentities, htmlspecialchars and nl2br

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

htmlentities, htmlspecialchars and nl2br

Post by pedrotuga »

I want to display text that was inserted on the database by users...

It has to be safe and dispplay the endlines and stuff...

i guess this has been talked about before plents of times.... just tell me if this is the right order:

Code: Select all

echo nl2br( htmlspecialchars( htmlentities( $text ) ) );
thanks
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

From the PHP Manual:
This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

P.S This function = htmlentities()
User avatar
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

stills the question.

whats the right way to do it?

like.. i dont want the user to e able to brake the page layout and stuff.
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

Code: Select all

echo nl2br(htmlentities($text, ENT_QUOTES));
Looks fine for me, does anybody have anything to add?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Code: Select all

echo nl2br(htmlspecialchars($text));
Post Reply