html entities on form output

soddengecko
Forum Newbie
Posts: 1
Joined: Thu Aug 24, 2006 6:32 am

Post by soddengecko »

hi all, i need some help.

i wrote a form for a friend that basically generates html lists so that he can copy and paste the html straight into his documents.

the form has 10 rows, each row contains a drop down box to select the css style, a box for the url, a box for the url name and a box to add a comment.

the form works fine and outputs exactly what it should. the problem i am having though is with the comments, if i use a quote, or backslash or similar the output has extra backslashes. eg:
don\'t
obviously i don't want this on the output. i think i have to use html entities but i am unable to get it working.

these are the variables (shortened to show just one row)

Code: Select all

$item1 = $_POST["item1"];
$link1 = $_POST["link1"];
$linkname1 = $_POST["linkname1"];
$blurb1 = $_POST["blurb1"];
and this is the output script

Code: Select all

if ( trim ( $_POST['item1'] ) ) {
    echo '<li class="'; echo "$item1"; echo '"><a href="'; echo "$link1"; echo '" target="_blank">'; echo "$linkname1"; echo "</a>.";
    if ( trim ( $_POST['blurb1'] ) ) {
        echo "<br />$blurb1";
    } else {
    }
    echo "</li>"; echo "\n";
} else {
}
can anyone help me?
paladaxar
Forum Commoner
Posts: 85
Joined: Fri Jun 18, 2004 11:50 pm

Post by paladaxar »

have you tried stripslashes()?
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Use

Code: Select all

<?php
if (get_magic_quotes_gpc()) {
$input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
while (list($k,$v) = each($input)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$input[$k][$key] = stripslashes($val);
continue;
}
$input[] =& $input[$k][$key];
}
}
unset($input);
}
?>
at the start of your script to get rid of slashes, in case magic quotes is on. And then use htmlentities() to escape data if you want to output them with echo:

Code: Select all

<?php
$html['var']    = htmlentities($_POST['var'],ENT_QUOTES, 'UTF-8');

echo $html['var'];
?>
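
An added example, not part of the thread or any poster's code: the question's one-row output rebuilt so every form value is entity-encoded before it is echoed. It goes slightly beyond the thread by also checking the class against an allow-list and limiting the link to http/https; `h()`, `render_row()`, the class names and the sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.4+, where magic
// quotes no longer exist, so no stripslashes() pass is needed.

// Escape a value for HTML text or a quoted attribute (hypothetical helper).
function h($value)
{
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build one <li> row from form fields; returns '' if the row is unusable.
function render_row(array $post, $n, array $allowedClasses)
{
    $field = function ($name) use ($post, $n) {
        $key = $name . $n;
        return (isset($post[$key]) && is_string($post[$key])) ? trim($post[$key]) : '';
    };
    $item = $field('item');
    $link = $field('link');

    // The class comes from a drop-down, so only known values are accepted.
    if (!in_array($item, $allowedClasses, true)) {
        return '';
    }
    // Entity-encoding does not neutralise schemes such as javascript:,
    // so the href is limited to http and https.
    $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return '';
    }

    $html = '<li class="' . h($item) . '"><a href="' . h($link)
          . '" target="_blank">' . h($field('linkname')) . '</a>.';
    if ($field('blurb') !== '') {
        $html .= '<br />' . h($field('blurb'));
    }
    return $html . "</li>\n";
}

// Constructed sample input standing in for $_POST.
$sample = array(
    'item1'     => 'news',
    'link1'     => 'http://example.com/?a=1&b=2',
    'linkname1' => 'Bob\'s "site"',
    'blurb1'    => "don't <b>miss</b> it",
);
// Hypothetical class names offered by the drop-down.
echo render_row($sample, 1, array('news', 'tools', 'misc'));
```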
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

whitespace is your friend matthijs.. :P
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Sorry about that. That's not my normal coding style Jenk, this was a quick ctrl-c-ctrl-v action :)
(bummer, no one believes me and is ever going to work with me now...)