I need to display a few item names as they are stored in the database. It is working fine except when the name contains HTML special characters. E.g., if the name is like <ItemName>, it is shown as <ItemName> when I echo it using PHP. How can I prevent this? Also, if the name is stored in the DB as <ItemName>, it should show like that only. When I tried to use htmlentities(), it is showing the & as & and that isn't what I need to show. How can this be fixed?
Also I am using Highcharts and it has the item names as labels. So the name <ItemName> (if with tags), needs to be converted to htmlentities() in order to display it correctly. Otherwise, it will not show the label.
Just use htmlspecialchars function
<?php
echo(htmlspecialchars('<ItemName>something</ItemName>'));
or as in your case:
<?php
echo(htmlspecialchars('<ItemName>something</ItemName>'));
Related
I am working with PHP and I am trying to get data from an "Editor" (like TinyMCE), but
right now I am getting special characters like "<strong>", "<p>", etc. I just want to get simple data
without any special characters. How can I do this? I tried with the following code:
$data=$_POST['editor'];
Give this a try - if your code is correct this should work.
$data = strip_tags($_POST['editor']);
Dear all, how do I display data in an HTML table if my data looks like the below:
$str = "<table border='1' width='100px'><tr><td>30-00463-00P12><CARDS PENGUIN PICK “UP” HALVES &DOUBLES PK 18><VEST, “RELEASABLE” PACK, ‘MD’, WC W/ ARM</td></tr></table>";
I want to display data in a table like "30-00473-03 MAGNETS GEOMAG 216 PIECES GEO76> are missing, and it does not print after <>. I want to display all characters with these special characters. Hope you got what I want?
Please help me.
Try using the htmlentities() function in PHP as follows,
echo htmlentities($str);
It will automatically replace special characters with the corresponding HTML entities.
** For more info - htmlentities()
Example:
I want to make a database where an admin can add a "news article with code", where the code doesn't get translated when posted on the webpage.
So, someone posts:
<?php
if (!isset($_GET['underside'])) {
    include('front.inc.php');
} else {
    include($_GET['underside']);
}
?>
(and it will be posted on the webpage, without being translated)
(the same technique as used on this page)
Use file_get_contents() to read the file into a string, replace all special characters using htmlspecialchars() and then print the string using echo().
In my registration form, if a user disables JavaScript validation for the registration form and tries to insert the value <script>alert("hacked")</script>, then this value is inserted into my database table.
Can you please advise how I can secure my application against that type of problem?
Thanks.
When you display data that has been provided by the user, you should use htmlentities() to ensure that any HTML tags get displayed literally, rather than being rendered by the browser.
Well, MySQL has a REPLACE() function for this.
But in your case you can use strip_tags, which will escape all the HTML tags.
$name = strip_tags($_REQUEST['name']);
If you don't want any special characters to be inserted:
echo strip_tags(str_replace(array('"','/','(','*',':','=','^','#',';'), '', $name));
This will treat all the remaining as string.
For reference see Manual
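An added example (not from any of the posts above) of escaping at output time for each context: htmlspecialchars() for HTML and json_encode() for an inline script such as chart labels. The helper names e() and js() and all sample values are assumptions made up for this illustration.

```php
<?php
// Added example, not code from the posts above. All sample values are constructed.

/** Escape a value for HTML element content or a quoted attribute value. */
function e(string $value, bool $doubleEncode = true): string
{
    // ENT_QUOTES also encodes ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

/** Encode a value for embedding inside an inline <script> block. */
function js($value): string
{
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // data cannot terminate the script element or break out of a string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed values standing in for rows read from the database.
$rawName     = '<ItemName>';                        // stored as literal text
$encodedName = '&lt;ItemName&gt;';                  // stored already entity-encoded
$submitted   = '<script>alert("hacked")</script>';  // value from the registration question

// HTML context, default behaviour: every &, <, >, ' and " is encoded, so the
// browser shows each string exactly as it is stored, entities included.
echo '<li>', e($rawName), "</li>\n";
echo '<li>', e($encodedName), "</li>\n";
echo '<li>', e($submitted), "</li>\n";

// double_encode = false leaves existing entities alone, so the & in &lt; is
// not turned into &amp;. Use it only when the column is known to hold
// entity-encoded text, because it cannot tell data from markup.
echo '<li>', e($encodedName, false), "</li>\n";

// strip_tags() removes tags rather than escaping them: the text between the
// tags remains and quotes are untouched, so it does not replace e() on output.
echo '<li>', e(strip_tags($submitted)), "</li>\n";

// Script context: the first question says chart labels need entity-encoding
// to display, so labels are HTML-escaped first and then JSON-encoded.
$labels = array_map('e', [$rawName, $submitted]);
echo '<script>var labels = ', js($labels), ";</script>\n";
```

The values are stored unmodified and escaped only when written into a page, which keeps the database content usable for non-HTML outputs.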
I have a MySQL table that contains names and e-mail addresses. The data was originally imported from a .csv file, and it did not originally contain complete e-mail addresses. We had to append the #place.domain to the user's alias.
When the data is sitting in the MySQL table, it looks normal: person#place.domain; however, when I output the content in PHP, I get this: person #place.domain. There's always a space between the person and the #. It doesn't look like that in the MySQL column, nor does it look like that when I copy/paste the data into Notepad, Word, Excel, etc. Furthermore, if I erase the data in the column and manually replace it with person#place.domain, it displays normally in my PHP app. So I'm guessing there's some hidden character that PHP is picking up that I can't detect. Is there a way for me to clean this up? I've tried TRIM(), REPLACE(), etc., all to no avail.
UPDATE: I've discovered that, when I click in the MySQL field and move among the characters using my arrow keys, I have to hit the arrow key TWICE to move past the # symbol, yet there is no visible space.
I made this sample code for you:
<?php
$test = "user #mail.com";
$aux = explode("#",$test);
$mailok = trim($aux[0])."#".trim($aux[1]);
echo $test." vs ".$mailok;
?>
This is likely something like non-breaking space (ascii 160). To get rid of it:
UPDATE my_table SET e_mail = REPLACE(e_mail, CHAR(160), '');
Try with a foreach cycle, and do the chr($char) function to every character in the string, it will display you the ascii code of each character in the string, and you will find the wrong character. It's the only solution I found. Hope to be useful