
Posted: Sun Apr 02, 2006 11:35 pm
by fambi
Hi Chris - nice to know that you take part in this forum!

I just had a read of the PHP Manual which says:
Like htmlspecialchars(), it takes an optional third argument charset which defines character set used in conversion. Support for this argument was added in PHP 4.1.0. Presently, the ISO-8859-1 character set is used as the default.
So, if the site's headers already declare:

Code:

<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>

Is there still the need to define the character set used in the conversion?

Also, can you give an example in which the importance of ENT_QUOTES is highlighted?

Thanks all for your help.

Posted: Mon Apr 03, 2006 2:49 am
by Ollie Saunders
http://shiflett.org/archive/178

Hope that explains it better! :-)
Yes yes it does. Thanks. I have to say I wasn't expecting the author to turn up like that. That's a nice surprise.

fambi:
htmlentities() is more "exhaustive" so use that. And personally I prefer to specify things rather than use defaults because defaults change with releases and also other programmers' knowledge of such things is not always very good. Certainly if I saw:

Code:

?>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
</head>
<body>
<?php
echo htmlentities($_GET['name'], ENT_QUOTES);

I would assume it was incomplete and insecure even though in this case it may be fine. If you get tired of using such a long function call for htmlentities, write your own function and call that; this way it's easier to change encoding if you have to as well:

Code:

function htmlClean($str) {
  return htmlentities($str,ENT_QUOTES,'ISO-8859-1');
}
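
An added example (not code from any poster in this thread) for the two questions above: what ENT_QUOTES changes, and why the charset argument matters. The sample values and the inputAttributeCount() helper are constructed for illustration; htmlClean() is the wrapper from the post above.

```php
<?php
// Added example: all sample values below are constructed, not from the thread.

// Wrapper from the post above: flags and charset are stated, not left to defaults.
function htmlClean($str) {
    return htmlentities($str, ENT_QUOTES, 'ISO-8859-1');
}

// Hypothetical helper: count the attributes an HTML parser sees on the
// first <input> element in $html.
function inputAttributeCount($html) {
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName('input')->item(0)->attributes->length;
}

// A value containing single quotes, to be placed in a single-quoted attribute.
$name = "x' data-injected='1";

// ENT_COMPAT (the default flag before PHP 8.1) escapes " but leaves ' alone,
// so the first quote closes value='...' and the rest is parsed as markup.
$weak = "<input value='" . htmlentities($name, ENT_COMPAT, 'ISO-8859-1') . "'>";

// ENT_QUOTES also converts ' to an entity, so the whole string stays inside value.
$strong = "<input value='" . htmlClean($name) . "'>";

echo $weak, "\n";
echo $strong, "\n";
printf("attributes seen: ENT_COMPAT=%d, ENT_QUOTES=%d\n",
    inputAttributeCount($weak), inputAttributeCount($strong));

// Charset argument: byte 0xE9 is "é" in ISO-8859-1 but is not valid UTF-8.
// When the input is invalid in the stated charset, htmlentities() returns an
// empty string unless ENT_SUBSTITUTE or ENT_IGNORE is set, so the charset
// passed must match the bytes actually being escaped.
$latin1 = "caf\xE9";
var_dump(htmlentities($latin1, ENT_QUOTES, 'ISO-8859-1'));
var_dump(htmlentities($latin1, ENT_QUOTES, 'UTF-8'));
```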

Posted: Mon Apr 03, 2006 2:52 am
by fambi
ole wrote: If you get tired of using such a long function call for htmlentities, write your own function and call that; this way it's easier to change encoding if you have to as well:

Code:

function htmlClean($str) {
  return htmlentities($str,ENT_QUOTES,'ISO-8859-1');
}

Beat you to it... but thanks for the help.