I am here to ask about the performance of htmlspecialchars().
I am designing a simple template system that does not parse code, but uses <?php?> breaks in order to insert values within a buffer. With performance in mind, would it be better if I used htmlspecialchars() in the corresponding template that could have unintended output code, or to just run it on the entire output buffer for the page? Will there be a significant difference?
htmlspecialchars()
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
- maliskoleather
- Forum Contributor
- Posts: 155
- Joined: Tue May 15, 2007 2:19 am
htmlspecialchars(); only does the following: (taken from the manual)
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'
So using it on the output buffer will basically render your HTML useless.
If I understand your template system right, you want to use it in the template.. something like
echo htmlspecialchars($string);
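
Added example, not part of the original posts: a small buffered template that compares escaping each inserted value with escaping the whole output buffer, as discussed above. The helper names `e()` and `render()`, the template and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the thread. e(), render() and the sample data are hypothetical.

function e(string $value): string
{
    // ENT_QUOTES converts both quote styles, so the value is also safe
    // inside a quoted attribute; the charset is stated explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Run a template inside an output buffer and return what it printed.
function render(callable $template, array $vars, callable $esc): string
{
    ob_start();
    try {
        $template($vars, $esc);
        return (string) ob_get_contents();
    } finally {
        ob_end_clean(); // always release the buffer, even if the template throws
    }
}

// Template written with PHP tag breaks; $esc is applied to every inserted value.
$template = function (array $v, callable $esc): void { ?>
<p title="<?= $esc($v['title']) ?>"><?= $esc($v['body']) ?></p>
<?php };

// Constructed sample input standing in for untrusted data.
$vars = [
    'title' => 'Tom\'s "note"',
    'body'  => '<script>alert(1)</script> & more',
];

// 1) Escape each value where it is inserted: the template's markup survives
//    and the data is rendered as inert text.
$perValue = render($template, $vars, 'e');

// 2) Insert values raw, then escape the whole buffer: the template's own
//    <p> tag and attribute quotes are converted to entities as well.
$raw = fn(string $s): string => $s;
$wholeBuffer = htmlspecialchars(render($template, $vars, $raw), ENT_QUOTES, 'UTF-8');

echo "Per value:\n", $perValue, "\nWhole buffer:\n", $wholeBuffer, "\n";
```

Per-value escaping touches only the inserted strings, so its cost scales with the size of the data rather than the size of the page.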