php empty string htmlspecialchars() - php

So, I am trying to use htmlspecialchars() to protect my website but unfortunately I got stuck in this code:
<?php
function wrap_nome($firstname, $lastname)
{
    $join = htmlspecialchars($firstname, ENT_QUOTES) . ' ' . htmlspecialchars($lastname, ENT_QUOTES);
    if (mb_strlen($join) > 32)
    {
        $text = substr($join,0,32);
        return $text . " ...";
    }
    else
    {
        return $join;
    }
}
$nome = wrap_nome($firstname, $lastname);
echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . $nome . '</b></span>';
?>
Initially I thought that the problem maybe was the fact that the string $nome had double and single quotes, then I removed them and found out that htmlspecialchars($lastname, ENT_QUOTES) continues to be echoed and htmlspecialchars($firstname, ENT_QUOTES) continues to give me an empty string!
If I do this:
echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . htmlspecialchars($nome, ENT_QUOTES) . '</b></span>';
... It won't output anything.
Any ideas of what is causing this?

htmlspecialchars returns FALSE if it gets an error, which happens if $nome contains any characters that can't be represented in the specified character set. The character set defaults to ISO8859-1 before PHP 5.4, UTF-8 since then. Try using htmlspecialchars($nome, ENT_QUOTES, 'iso8859-1').
If that doesn't work, see the list of character sets in the documentation and use the appropriate one for your names.

Simply replace
htmlspecialchars($str, ENT_QUOTES);
with
htmlentities($str, ENT_QUOTES, "UTF-8");
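
The empty-string behaviour discussed in the first answer, as an added example that is not part of the original question or answers: it shows the failure on bytes that are invalid for the chosen charset and a helper that avoids it with ENT_SUBSTITUTE, truncating before escaping so an entity is never cut in half. The helper name escape_name(), the ISO-8859-1 fallback and the sample inputs are assumptions.

```php
<?php
// Added example, not code from the question or answers.
// escape_name() is a hypothetical helper; the sample inputs are constructed.

function escape_name(string $first, string $last, int $max = 32): string
{
    $join = $first . ' ' . $last;

    // Assumption: input that is not valid UTF-8 is ISO-8859-1. Replace this
    // with whatever legacy encoding your data source really uses.
    if (!mb_check_encoding($join, 'UTF-8')) {
        $join = mb_convert_encoding($join, 'UTF-8', 'ISO-8859-1');
    }

    // Truncate the raw text by characters, before escaping, so that neither
    // a multi-byte character nor an entity such as &#039; is split.
    if (mb_strlen($join, 'UTF-8') > $max) {
        $join = mb_substr($join, 0, $max, 'UTF-8') . ' ...';
    }

    // ENT_SUBSTITUTE replaces any remaining invalid sequence with U+FFFD
    // instead of letting htmlspecialchars() return an empty string.
    return htmlspecialchars($join, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: "Jos\xE9" is "José" encoded as ISO-8859-1, which is
// not a valid UTF-8 byte sequence.
$latin1 = "Jos\xE9";

// With UTF-8 as the charset and neither ENT_SUBSTITUTE nor ENT_IGNORE set,
// invalid input makes htmlspecialchars() return an empty string.
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));

// The helper converts, truncates and escapes, so markup in the name is
// rendered as text rather than interpreted by the browser.
echo escape_name($latin1, "O'Brien <b>"), "\n";
```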

Related

PHP prevent html entity creation at string concatenation

How can I prevent that PHP converts a recognized part of a string to an HTML entity?
So e.g. let's say I have to concat parts together to a URL, like:
echo '&' . 'section=' . '<br>';
$a = '&a';
$b = 'mplitude=';
echo "{$a}{$b}" . '<br>';
echo sprintf("%s%s", '&quote', '=');
the code above prints the following:
§ion=
&litude=
"e=
instead of:
&section=
&amplitude=
&quote=
How can this be prevented without throwing filters on it trying to convert the symbols back to a string again?
You need to use the htmlspecialchars function:
echo htmlspecialchars('&' . 'section=' . '<br>');

convert decimal value to unicode characters in php

I need to convert decimal values into unicode and display the unicode character in PHP.
so for example, 602 will display as this character: ɚ
after referencing this SO question/answer, i was able to piece this together:
echo json_decode('"' . '\u0' . dechex(602) . '"' );
this seems pretty error-prone. is there a better way to do this?
i was unable to get utf8_encode to work since it seemed to want to start with a string, not a decimal.
EDIT: in order to do characters between 230 and 250, double prefixed zeros are required:
echo json_decode('"' . '\u00' . dechex(240) . '"' ); // ð
echo json_decode('"' . '\u00' . dechex(248) . '"' ); // ø
echo json_decode('"' . '\u00' . dechex(230) . '"' ); // æ
in some cases, no zero is required:
echo json_decode('"' . '\u' . dechex(8592) . '"' ); // ←
this seems strange.
While eval is generally to be avoided, it seems strictly-controlled enough to be fine here.
echo eval(sprintf('return "\u{%x}";',$val));
echo json_decode(sprintf('"\u%04x"',$val));
this ultimately worked for me, but i would not have found this without the answer from Niet the Dark Absol
normally, when i attempt to answer my own question, some SO wizard comes along and shows me a built-in function that i should have known about. but until that happens, this is all i can think of:
$leading_zeros = null;
if ( strlen(strval(dechex($val))) >= 4 ) {
$leading_zeros = '';
} else if ( ctype_alpha(dechex($val)[0]) ) {
$leading_zeros = '00';
} else if ( ctype_digit(dechex($val)[0]) ) {
$leading_zeros = '0';
}
echo json_decode('"' . '\u' . $leading_zeros . dechex($val) . '"' );
EDIT: when trying to do something similar for JavaScript, the documentation tells me the format is supposed to look like "\u####", four digits. I don't know if this is similar to PHP or not.
If you have IntlChar available I'd recommend using IntlChar::chr:
var_dump(IntlChar::chr(602));
Failing that, something like the following avoids any eval/json_decode trickery:
var_dump(iconv('UTF-32BE', 'UTF-8', pack('N', 602)));
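
For comparison with the approaches in this thread, an added example (not from any of the answers) that encodes a code point to UTF-8 by hand, with no eval or json_decode involved, and rejects values that are not Unicode scalar values. The function name codepoint_to_utf8() is an assumption; the sample code points are the ones from the question plus one above U+FFFF.

```php
<?php
// Added example: codepoint_to_utf8() is a hypothetical helper name.
function codepoint_to_utf8(int $cp): string
{
    // Reject values outside Unicode and the UTF-16 surrogate range;
    // neither is a scalar value, so neither may be encoded as UTF-8.
    if ($cp < 0 || $cp > 0x10FFFF || ($cp >= 0xD800 && $cp <= 0xDFFF)) {
        throw new InvalidArgumentException("not a Unicode scalar value: $cp");
    }
    if ($cp < 0x80) {            // 1 byte:  0xxxxxxx
        return chr($cp);
    }
    if ($cp < 0x800) {           // 2 bytes: 110xxxxx 10xxxxxx
        return chr(0xC0 | ($cp >> 6))
             . chr(0x80 | ($cp & 0x3F));
    }
    if ($cp < 0x10000) {         // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
        return chr(0xE0 | ($cp >> 12))
             . chr(0x80 | (($cp >> 6) & 0x3F))
             . chr(0x80 | ($cp & 0x3F));
    }
    // 4 bytes: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
    return chr(0xF0 | ($cp >> 18))
         . chr(0x80 | (($cp >> 12) & 0x3F))
         . chr(0x80 | (($cp >> 6) & 0x3F))
         . chr(0x80 | ($cp & 0x3F));
}

// Constructed sample values. 0x1F600 lies above U+FFFF, which a single
// four-digit "\uXXXX" escape cannot express.
foreach ([602, 240, 8592, 0x1F600] as $cp) {
    echo $cp, ' => ', codepoint_to_utf8($cp), "\n";
}

// The int type declaration means only an integer ever reaches the encoder;
// validate request data first, e.g. with filter_var($v, FILTER_VALIDATE_INT).
```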

php string concatenation "A<"."B" does not work

I'm writing a function to output HTML elements, the problem is: when I try to concatenate these two strings:
$tag = "<" . "tag";
The instruction echo $tag outputs nothing. What is wrong?
As mentioned in comments, special characters like < will be parsed by the browser as HTML, therefore you won't see them as you expect.
It's almost the same thing:
$tag = 'p';
echo '<' . $tag . '>' . 'Test' . '</' . $tag . '>';
Which is the same as
echo '<p>' . 'Test' . '</p>';
So after script execution you'll see just
Test
in a browser, but when viewing the source, it will be
<p>Test</p>
If for some reason you want to see HTML tags, then you need to escape special chars using built-in function htmlentities().
In your case, you can just prepare a string, then just echo it like
echo htmlentities($string);
If by tag you mean an HTML entity then it's not going to be seen in the browser. You may need to do a 'view source' to see what was created by the echo call.

printing a php variable as it is : with all the special characters

Ok I need to find out what is contained inside a PHP variable and I have to do it visually, is there a function to display whatever is contained in a string as it is?
For example:
$TEST = '&nbsp' . "\n" . '&nbsp';
if I use echo the output will be:
while I want it to be:
&nbsp\n&nbsp
is it possible? (I hope I was clear enough)
ty
You can use json_encode with htmlspecialchars:
$TEST = '&nbsp' . "\n" . '&nbsp';
echo json_encode(htmlspecialchars($TEST));
Note that json_encode has third argument in PHP 5.4.
var_dump() should do the work for you?
Example:
echo "<pre>";
var_dump($variable);
echo "</pre>";
Use <pre> to keep the format structure, makes it a lot easier to read.
Resources:
http://php.net/manual/en/function.var-dump.php
http://www.w3schools.com/tags/tag_pre.asp
Try print_r, var_dump or var_export functions, you'll find them very handy for this kind of needs!
http://www.php.net/manual/en/function.htmlspecialchars.php
or
http://www.php.net/manual/en/function.htmlentities.php
$TEST = '&nbsp' . "\n" . '&nbsp';
echo htmlspecialchars(str_replace("\n", '\\n', $TEST), ENT_QUOTES);
or
$TEST = '&nbsp' . "\n" . '&nbsp';
echo htmlentities(str_replace("\n", '\\n', $TEST), ENT_QUOTES);
You may have to encode the newlines manually. If you want to encode them as actual newlines you can use nl2br. Or string replace these characters with your preference. Update: as I have added to the code per request. String replace special characters you wish to see like newlines and tabs.
Assuming you want it for debugging purposes, let me suggest using urlencode(). I am using it to make sure I don't miss any invisible character.
The output is not that clear but it works for me.

how to define variable from mysql output

I have the following variable which returns my URL as needed. But I need to run str_replace() on it to replace a character before echoing it into my HTML code.
$url = str_replace("%3A", ":", " . nl2br( $row['url']) . ");
As it stands the " . nl2br( $row['url']) . " contains %3A instead of the colon in the URL and for some reason it's rendering my links like this:
http://www.mydomain.com/http%3A//url.com
I'm not really sure what your question is, but it looks like this is what you want:
$url = urldecode($row['url']);
The %3A is a URL encoded colon (:).
