Getting HTMLEntities to work...

Trenchant
Forum Contributor
Posts: 291
Joined: Mon Nov 29, 2004 6:04 pm
Location: Web Dummy IS

Post by Trenchant »

I can't seem to get htmlspecialchars or HTML_entities working...

I have a feeling it's something really dumb I overlooked. Can anyone see my mistake?

Code:

// Unfinished filter function.
function filter($input, $type) {
	// First encode HTML special characters (both quote styles included)
	$input = htmlspecialchars($input, ENT_QUOTES);
	echo $input;
	
	// Separate possible other "types"
	$type = explode("-", $type);
	
	// Now that the input is cleared as safe check it for content.
	
	// Is the input an integer?
	if ($type[0] == 'integer') {
		// The number MUST be a number.
		
		// Check it. $input is always a string at this point, so is_int() could
		// never be true; FILTER_VALIDATE_INT accepts "0" and other integer strings.
		if (filter_var($input, FILTER_VALIDATE_INT) !== false) {
			// The number is either 0 or another integer.  It's cleared.
			return $input;
		}
	} elseif ($type[0] == 'text') {
		// Check if the input is text.
		
		// Keep any \n's that could have been previously made.
		$input = str_replace("\n", "\n<br />\n", $input);
		
		return $input;
	}		
}

This will simply return the original string unaltered. Even if it has quotes in it.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Try viewing the page source.

In Firefox, View -> Page Source
In Explorer, View -> Source

What is the output?
Trenchant
Forum Contributor
Posts: 291
Joined: Mon Nov 29, 2004 6:04 pm
Location: Web Dummy IS

Post by Trenchant »

It displays it in a broken down form then, but the only problem is when I try to insert that into a MySQL database it still comes up with errors from quotes.
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

Let's have a look at your insert query.
Trenchant
Forum Contributor
Posts: 291
Joined: Mon Nov 29, 2004 6:04 pm
Location: Web Dummy IS

Post by Trenchant »

Code:

// clean the input.
$comp['to'] = filter($_POST['input_e_to'], 'text');
$comp['from'] = $player_id;
$comp['message'] = filter($_POST['input_e_message'], 'text');
$comp['subject'] = filter($_POST['input_e_subject'], 'text');
$comp['date'] = $date;
$comp['from_ip'] = $ip;
			
// Connect to the database and clear all information.
$system->db_connect();
$comp['to'] = mysql_real_escape_string($comp['to']);
$comp['subject'] = mysql_real_escape_string($comp['subject']);
$comp['message'] = mysql_real_escape_string($comp['message']);


// The email is good so send it.
$sql = mysql_query("INSERT INTO `users_emails` (recipient, sender, folder, subject, message, replyto, sender_ip, date) VALUES ('$comp[to_id]', '$comp[from]', '$comp[to_folder]', '$comp[subject]', '$comp[message]', '$comp[from]', '$comp[from_ip]', '$comp[date]')") or die(mysql_error());

That's basically it there.
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

I think it may be complaining about the quotes around the table name. Try losing those and see if it works.

EDIT: actually, probably not. What does MySQL say when you run the query?
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Also, can you tell us the result of

Code:

echo "INSERT INTO `users_emails` (recipient, sender, folder, subject, message, replyto, sender_ip, date) VALUES ('$comp[to_id]', '$comp[from]', '$comp[to_folder]', '$comp[subject]', '$comp[message]', '$comp[from]', '$comp[from_ip]', '$comp[date]')";

Start quoting your array indices as well; $comp[from] might produce an undefined constant notice, and/or result in unexpected results.
Trenchant
Forum Contributor
Posts: 291
Joined: Mon Nov 29, 2004 6:04 pm
Location: Web Dummy IS

Post by Trenchant »

For some reason it randomly started working...

I think it may have been because one of my columns was named "read".

After I switched it to read I just fiddled a little more and it started working. I checked the MySQL database and the HTML is in an encoded form.

Thanks for the help.
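
An added example, not code from any poster in this thread: it keeps the two steps discussed above separate, binding values into the INSERT so quotes cannot break the SQL, and applying htmlspecialchars() only when the stored text is written into a page. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, the users_emails table is a cut-down constructed version, and html_out() and store_message() are hypothetical helper names.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for MySQL; users_emails is a cut-down, constructed table; html_out() and
// store_message() are hypothetical helper names.

// Encode for HTML only when writing into a page, never before storage.
function html_out(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// Bound parameters keep quotes in the data out of the SQL text, so the raw
// submitted string is stored and no escaping call is involved.
function store_message(PDO $db, int $sender, string $subject, string $message): int
{
    $stmt = $db->prepare(
        'INSERT INTO users_emails (sender, subject, message, `read`)
         VALUES (:sender, :subject, :message, 0)'
    );
    $stmt->execute([':sender' => $sender, ':subject' => $subject, ':message' => $message]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// READ is a reserved word in MySQL, so the column name is backtick-quoted.
$db->exec('CREATE TABLE users_emails (id INTEGER PRIMARY KEY, sender INTEGER,
    subject TEXT, message TEXT, `read` INTEGER)');

// Constructed sample input with both quote styles, markup and a newline.
$subject = 'It\'s "urgent" <b>now</b>';
$message = "Line one\nO'Brien wrote <i>this</i>";
$id = store_message($db, 42, $subject, $message);

$stmt = $db->prepare('SELECT subject, message FROM users_emails WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// The database holds the text exactly as submitted.
var_dump($row['subject'] === $subject, $row['message'] === $message);

// The page source receives entities; a browser renders them back as the
// original characters, which is why the rendered page looks unaltered.
echo html_out($row['subject']), "\n";
echo html_out($row['message']), "\n";
```

Run it from the command line to see the entity-encoded output that View Source would show; the same string in a browser window renders as the original quotes and angle brackets.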