PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
pedrotuga
Forum Contributor
Posts: 249 Joined: Tue Dec 13, 2005 11:08 pm
Post
by pedrotuga » Fri Jul 07, 2006 10:21 am
I want to display text that was inserted on the database by users...
It has to be safe and dispplay the endlines and stuff...
i guess this has been talked about before plents of times.... just tell me if this is the right order:
Code: Select all
echo nl2br( htmlspecialchars( htmlentities( $text ) ) );
thanks
Oren
DevNet Resident
Posts: 1640 Joined: Fri Apr 07, 2006 5:13 am
Location: Israel
Post
by Oren » Fri Jul 07, 2006 10:29 am
From the PHP Manual:
This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.
P.S This function = htmlentities()
pedrotuga
Forum Contributor
Posts: 249 Joined: Tue Dec 13, 2005 11:08 pm
Post
by pedrotuga » Fri Jul 07, 2006 10:47 am
stills the question.
whats the right way to do it?
like.. i dont want the user to e able to brake the page layout and stuff.
Oren
DevNet Resident
Posts: 1640 Joined: Fri Apr 07, 2006 5:13 am
Location: Israel
Post
by Oren » Fri Jul 07, 2006 11:00 am
Code: Select all
echo nl2br(htmlentities($text, ENT_QUOTES));
Looks fine for me, does anybody have anything to add?
Weirdan
Moderator
Posts: 5978 Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine
Post
by Weirdan » Fri Jul 07, 2006 12:35 pm
Code: Select all
echo nl2br(htmlspecialchars($text));