htmlspecialchars()

cpetzol2
Forum Newbie
Posts: 11
Joined: Tue Feb 27, 2007 7:31 pm

htmlspecialchars()

Post by cpetzol2 »

I am here to ask about the performance of htmlspecialchars().

I am designing a simple template system that does not parse code, but uses <?php?> breaks in order to insert values within a buffer. With performance in mind, would it be better if I used htmlspecialchars() in the corresponding template that could have unintended output code, or to just run it on the entire output buffer for the page? Will there be a significant difference?
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

.. What? What is it that you think htmlspecialchars() does?
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

htmlspecialchars(); only does the following: (taken from the manual)
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'

So using it on the output buffer will basically render your HTML useless.
If I understand your template system right, you want to use it in the template... something like

echo htmlspecialchars($string);
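The difference between escaping each inserted value and escaping the whole output buffer, shown as an added example that is not part of the original thread. The helper e(), the render_comment() template and the input values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper and template, constructed input.

// Escape one value for HTML text or a quoted attribute.
// ENT_QUOTES also converts single quotes, which matters inside '...' attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a template: the markup stays literal, each inserted value is escaped.
function render_comment(array $vars): string
{
    ob_start();
    ?>
<div class="comment" title='<?= e($vars['title']) ?>'>
  <p><?= e($vars['body']) ?></p>
</div>
<?php
    return ob_get_clean();
}

// Constructed untrusted input containing every character htmlspecialchars() handles.
$vars = [
    'title' => "it's \"quoted\"",
    'body'  => '<b>hi</b> & more',
];

$page = render_comment($vars);

// Values are inert text, the template's own <div> and <p> still work.
echo "--- escaped per value ---\n", $page, "\n";

// Escaping the buffer turns the template's tags into text as well and
// double-encodes the values that were already escaped (&amp; becomes &amp;amp;).
echo "--- escaped whole buffer ---\n", htmlspecialchars($page, ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with the PHP command-line interpreter to compare the two outputs side by side.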