html entities on form output

Posted: Thu Aug 24, 2006 6:42 am
by soddengecko
hi all, i need some help.

i wrote a form for a friend that basically generates html lists so that he can copy and paste the html straight into his documents.

the form has 10 rows, each row contains a drop down box to select the css style, a box for the url, a box for the url name and a box to add a comment.

the form works fine and outputs exactly what it should. the problem i am having though is with the comments, if i use a quote, or backslash or similar the output has extra backslashes. eg:
don\'t
obviously i don't want this on the output. i think i have to use html entities but i am unable to get it working.

these are the variables (shortened to show just one row)

Code:

$item1 = $_POST["item1"];
$link1 = $_POST["link1"];
$linkname1 = $_POST["linkname1"];
$blurb1 = $_POST["blurb1"];
and this is the output script

Code:

if ( trim ( $_POST['item1'] ) ) {
    echo '<li class="'; echo "$item1"; echo '"><a href="'; echo "$link1"; echo '" target="_blank">'; echo "$linkname1"; echo "</a>.";
    if ( trim ( $_POST['blurb1'] ) ) {
        echo "<br />$blurb1";
    } else {
    }
    echo "</li>"; echo "\n";
} else {
}
can anyone help me?

Posted: Thu Aug 24, 2006 8:05 am
by paladaxar
have you tried stripslashes()?

Posted: Thu Aug 24, 2006 8:23 am
by matthijs
Use

Code:

<?php
if (get_magic_quotes_gpc()) {
$input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
while (list($k,$v) = each($input)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$input[$k][$key] = stripslashes($val);
continue;
}
$input[] =& $input[$k][$key];
}
}
unset($input);
}
?>
at the start of your script to get rid of slashes, in case magic quotes is on. And then use htmlentities() to escape data if you want to output them with echo:

Code:

<?php
$html['var']    = htmlentities($_POST['var'],ENT_QUOTES, 'UTF-8');

echo $html['var'];
?>
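
The two steps from the reply above (strip magic-quotes slashes, then escape with htmlentities()) applied to the question's output script, as an added example that is not part of the original thread. The function names `html_out` and `render_row` and the sample input are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

// Remove magic-quotes slashes when they were applied, then escape for HTML.
function html_out($value, $magicQuotesOn)
{
    if ($magicQuotesOn) {
        $value = stripslashes($value);
    }
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Build one <li> row like the output script in the question, escaping
// every submitted value before it goes into the markup.
function render_row(array $post, $n, $magicQuotesOn)
{
    $field = function ($name) use ($post, $n, $magicQuotesOn) {
        return html_out(trim($post[$name . $n] ?? ''), $magicQuotesOn);
    };
    if ($field('item') === '') {
        return '';   // empty row: no output, as in the original script
    }
    $row = '<li class="' . $field('item') . '"><a href="' . $field('link')
         . '" target="_blank">' . $field('linkname') . '</a>.';
    if ($field('blurb') !== '') {
        $row .= '<br />' . $field('blurb');
    }
    return $row . "</li>\n";
}

// Constructed input. addslashes() simulates what magic quotes does to
// submitted values before the script sees them.
$post = array(
    'item1'     => 'news',
    'link1'     => 'http://example.com/?a=1&b=2',
    'linkname1' => addslashes('Bob\'s "site"'),
    'blurb1'    => addslashes("don't miss <b>this</b>"),
);

echo render_row($post, 1, true);
```

Because ENT_QUOTES encodes both quote characters, a submitted value cannot close the `class` or `href` attribute it is placed in, and the `<b>` in the comment is emitted as text rather than as a tag.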

Posted: Thu Aug 24, 2006 9:26 am
by Jenk
whitespace is your friend matthijs.. :P

Posted: Thu Aug 24, 2006 10:29 am
by matthijs
Sorry about that. That's not my normal coding style Jenk, this was a quick ctrl-c-ctrl-v action :)
(bummer, no one believes me and is ever going to work with me now...)