
htmlentities, htmlspecialchars and nl2br

Posted: Fri Jul 07, 2006 10:21 am
by pedrotuga
I want to display text that was inserted on the database by users...

It has to be safe and display the endlines and stuff...

I guess this has been talked about before plenty of times.... just tell me if this is the right order:

echo nl2br( htmlspecialchars( htmlentities( $text ) ) );
thanks

Posted: Fri Jul 07, 2006 10:29 am
by Oren
From the PHP Manual:
This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

P.S. This function = htmlentities()

Posted: Fri Jul 07, 2006 10:47 am
by pedrotuga
Still the question.

What's the right way to do it?

Like.. I don't want the user to be able to break the page layout and stuff.

Posted: Fri Jul 07, 2006 11:00 am
by Oren

echo nl2br(htmlentities($text, ENT_QUOTES));
Looks fine to me, does anybody have anything to add?

Posted: Fri Jul 07, 2006 12:35 pm
by Weirdan

echo nl2br(htmlspecialchars($text));
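
The three orderings discussed in this thread, run side by side on one input. This is an added example, not code from any of the posters; the sample text is constructed, the helper name `render_user_text` is hypothetical, and the input is assumed to be UTF-8.

```php
<?php
// Constructed sample input (not from the thread): markup, both quote styles,
// an ampersand, a non-ASCII character and two kinds of line ending.
$text = "Tom & \"Jerry\" </div><script>x</script>\r\ncafé 'au lait'\nlast line";

// Hypothetical helper: escape once, then let nl2br() add the only real tags.
function render_user_text(string $text): string
{
    // ENT_QUOTES also escapes ' so the result is safe inside quoted
    // attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped);
}

$variants = [
    // Nested call from the first post: the entities htmlentities() produces
    // are escaped a second time by htmlspecialchars().
    'nested (first post)' => nl2br(htmlspecialchars(
        htmlentities($text, ENT_COMPAT, 'UTF-8'), ENT_COMPAT, 'UTF-8')),
    // Reversed order: nl2br() runs first, so its own <br /> tags get escaped.
    'nl2br before escaping' => htmlspecialchars(nl2br($text), ENT_QUOTES, 'UTF-8'),
    // Escape once, then nl2br().
    'escape once, then nl2br' => render_user_text($text),
];

foreach ($variants as $label => $html) {
    echo "== $label ==\n$html\n";
    echo 'double-encoded ampersand: ',
        var_export(strpos($html, '&amp;amp;') !== false, true), "\n";
    echo 'raw "<script" present:    ',
        var_export(stripos($html, '<script') !== false, true), "\n";
    echo 'real <br /> tags:         ', substr_count($html, '<br />'), "\n\n";
}
```

None of the variants lets the raw tag through; the nested call and the reversed order differ from the last one only in mangling the visible text (doubled entities, literal `<br />` shown to the reader).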