Im having a problem displaying certain data with PHP from the database.
How its currently showing - "SSA's"
How it should show "SSA's"
HTML Meta Tag
meta charset="UTF-8">
PHP Code
$article_title = html_entity_decode(mb_convert_encoding(stripslashes($r->ArticleTitle), "HTML-ENTITIES", 'UTF-8'));
You can decode by using these two methods html_entity_decode() or htmlspecialchars_decode()
Basic Example:
$string = html_entity_decode("SSA's");
echo $string; // result SSA's
$string = htmlspecialchars_decode("SSA's");
echo $string; // result SSA's
Remove the html_entity_decode function, as you are double encoding HTML-ENTITIES
And as #ChrisBanks pointed out, you also don't need stripslashes
You need to call html_entity_decode again because the data is being stored as double encoded and remove the stripslashes.
$article_title = html_entity_decode(html_entity_decode(mb_convert_encoding($r->ArticleTitle, "HTML-ENTITIES", 'UTF-8')));
You might want to investigate how the data is being stored in the database as double-encoded in the first place. Perhaps htmlentities is being called twice somewhere.
To add on to the comment:
You shouldn't store data HTML encoded unless for some reason you really and truly need to (there might be some cases you're required to). It is only on output and rendering on a webpage do you want to use htmlentities.
Related
I'm working with a MySQL database and to prevent SQL injections I used:
$entities_correction = htmlspecialchars($Query, ENT_COMPAT, 'UTF-8');
However when I try to show the information to the user I got this:
<p><strong>asdasdasdasdasd</strong></p><p><em>asdasdasdasd</em></p><ol><li><em>1</em></li><li><strong>2</strong><ol><li><strong>asdasdasd</strong></li></ol></li></ol><p><strong>adasbui</strong></p>
With the tags and all that stuff. How can I remove those tags and make it look like this when showing to the user?
Expected output:
asdasdasdasdasdasdasdasdasd12asdasdasdadasbui
You can simply use html_entity_decode
The html_entity_decode() function converts HTML entities to characters.
Please refer to the below links :
http://www.w3schools.com/php/func_string_html_entity_decode.asp
http://php.net/manual/en/function.html-entity-decode.php
You have to use htmlspecialchars_decode() for this reason. Just pass the data to it.
More info: http://php.net/manual/en/function.htmlspecialchars-decode.php
I just want to add in tag any string.
I am using this code to escape string:
$name = $this->_dom->createElement('name', htmlspecialchars($userName, ENT_COMPAT,'utf-8'));
$item->appendChild($name);
I got a problem, one of my users put to name field some specific symbols, and whole xml feed become broken. How i must escaping string?
Thank for help and sorry for my poor English...
I think adding the xml node's value by using createTextNode instead of passing it as a parameter to createElement may solve your problem.
My solution:
$title = $this->_dom->createElement('title',
htmlspecialchars($playlist->getTitle(),
ENT_DISALLOWED, 'utf-8')
);
And when you output xml, you must strip � (REPLACEMENT CHARACTER) see this related link about ENT_DISALLOWED like:
echo str_replace('�', '', $this->_dom->saveXML());
This way allows us to display any string with html entities and/or special chars.
I have an issue with the special characters. For ex. In the database is written "A & A" (database is set on utf8-unicode-ci).
I am retrieving in autosugest list the values correctly with:
while ($row = mysql_fetch_array($result)) {
$keywords = htmlspecialchars($row['name']);
echo "<keywords>". $keywords ."</keywords>";
}
When I click to select the "A & A" in the input field is filled as A & amp; A
the header is set on :<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Can you please let me know how to display the special character?
If you want to convert from A & A to A&A, use htmlspecialchars_decode on the text.
If you want to convert from A&A to A & A use htmlspecialchars.
In your case removing htmlspecialchars operation on the text pulled from your database will do.
Since your issue appears to be with the & character being replaced with &, maybe running something like $text = str_replace("&", "&", htmlspecialchars($text)); will work better for you, and prevents XSS.
If you have "A & A" in the database, htmlspecialchars will do that.
Remove htmlspecialchars.
Its better use rawurlencode before you inserting the value to database. Then whenever you fetching the value, use rawurldecode. I think it may solve your problem.
rawurldecode($row['name']);
Check this http://php.net/manual/en/function.rawurlencode.php
I am using tinymce editor to have html page and then insert it in mysql.
I tried this:
$esdata = mysql_real_escape_string($data);
it is working for all html except images. If I have hyperlink like:
http://www.abc.com/pic.jpg
then it makes it somewhat very obscure and the image doesn't appear.
INPUT
<img src="../images/size-chart.jpg" alt="Beer" />
OUPUT
<img src="\""images/size-chart.jpg\\"\"" alt="\"Beer" />
Try to use urlencode and urldecode to escape the string.
As Christian said it is not used for the sake of DB but to keep the things as it is. So you can also use urlencode and urldecode.
For Ex:
//to encode
$output = urlencode($input);
//to decode
$input = urldecode($output);
You shouldn't over-escape code before you send it to DB.
When you escape it, it's done in a way that it is stored in the DB as it was originally. Escaping is not done for the sake of the DB, but for the sake of keeping the data as it was without allowing users to inject bad stuff in your sql statements (prior to sending the stuff in the DB).
You should use htmlspecialchars function to encode the string and htmlspecialchars_decode to display the string back to html
I have a link stored in my database, lets say it's
http://somedomain.com/page.php?username=tom&surname=smith
When I bring this back to html, I get an xhtml error because of the &
How do I convert the & to an &
Also, I have some links in the database which already have & instead of &
So, how do I convert & when required, but not convert & to &
Don't store escaped/encoded text. You never know what format the text will be required to be in when you retrieve it. If you store it URL-encoded, but you have to insert it into an HTML document,then you have to undo the url encoding and switch to HTML encoding. Which is a waste. Best to store it in 'raw' format and convert as needed at the time you need it.
Use htmlspecialchars() to escape/encode the XML/HTML metacharacters prior to inserting into your XML document.
You can use htmlentities.
The easiest way would be do replace all & to &, and then all & to $#38;, such as
$content = str_replace("&", "&", $content);
$content = str_replace("&", "$#38;", $content);
But you should not store data like that in your database.