
htmlspecialchars()

Posted: Sat Jun 23, 2007 2:42 pm
by cpetzol2
I am here to ask about the performance of htmlspecialchars().

I am designing a simple template system that does not parse code, but uses <?php?> breaks in order to insert values within a buffer. With performance in mind, would it be better if I used htmlspecialchars() in the corresponding template that could have unintended output code, or to just run it on the entire output buffer for the page? Will there be a significant difference?

Posted: Sat Jun 23, 2007 2:49 pm
by superdezign
.. What? What is it that you think htmlspecialchars() does?

Posted: Sat Jun 23, 2007 4:17 pm
by maliskoleather
htmlspecialchars(); only does the following: (taken from the manual)
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'

So using it on the output buffer will basically render your HTML useless.
If I understand your template system right, you want to use it in the template, something like

Code:

echo htmlspecialchars($string);
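
The difference discussed in this thread, as an added example that is not part of the original posts: escaping each value where the template inserts it, compared with running htmlspecialchars() over the whole captured buffer. The helpers e() and render_comment() and the sample values are hypothetical, constructed for illustration.

```php
<?php
// Added illustration; e() and render_comment() are hypothetical helpers.

// Escape one untrusted value for HTML text or a quoted attribute.
// ENT_QUOTES also converts single quotes, which the default flags
// before PHP 8.1 leave alone.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Template in the style described in the thread: plain HTML with PHP
// breaks, captured into an output buffer.
function render_comment(string $author, string $body): string
{
    ob_start();
    ?>
<div class='comment' title='<?php echo e($author); ?>'>
  <p><?php echo e($body); ?></p>
</div>
<?php
    return ob_get_clean();
}

// Constructed sample input containing markup, an ampersand and quotes.
$author = "O'Brien";
$body   = '<b>bold</b> & "quoted"';

// 1. Escape each value where it is inserted: the template's own tags
//    survive, the values are displayed as text, and the single quote in
//    $author cannot close the single-quoted title attribute.
$perValue = render_comment($author, $body);
echo $perValue, "\n";

// 2. Escape the whole buffer: the template's <div> and <p> are converted
//    as well, so the browser shows the markup as text, and the values
//    that were already escaped are escaped a second time.
$wholeBuffer = htmlspecialchars($perValue, ENT_QUOTES, 'UTF-8');
echo $wholeBuffer, "\n";
```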