htmlspecialchars() x htmlentities() [duplicate] - php

This question already has answers here:
htmlentities() vs. htmlspecialchars()
(12 answers)
Closed 8 years ago.
I have read their documentation, but I still don't get when to use each of them and their difference.
Let's consider the situation of having a general string in a variable and needing to echo it inside HTML code. If it has any HTML markup in it, I want it converted to HTML code (< replaced by &lt;, & replaced by &amp;). If it has UTF special chars that aren't available in HTML code, it's replaced by HTML number (• replaced by &#8226;).
What's the best function for that?
A harder need: unprintable chars, like \n, char(10), char(13), etc, be replaced by their number code, in the case the string is printed inside <pre> or any special textarea so that the string be dumped.

htmlentities is a workaround for not having set the character type of the document properly. htmlspecialchars is the correct function to use for merely writing text into an HTML document.
As to your second question, I think you're looking for addcslashes.
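The difference between the two functions, and the addcslashes() suggestion for dumping control characters, shown side by side. This is an added example, not code from the question or the answer; all sample strings are constructed.

```php
<?php
// Constructed sample: markup, ampersand, quotes, a bullet (U+2022), an accented letter.
$s   = "<b>Tom & \"Jerry\"</b> \u{2022} caf\u{e9}";
// Constructed sample: a lone Latin-1 byte (0xE9), which is not valid UTF-8.
$bad = "caf\xE9 <i>";

$flags = ENT_QUOTES | ENT_SUBSTITUTE;

// htmlspecialchars() touches only & < > " and '. Every other character passes
// through as UTF-8, which is correct when the page declares charset=utf-8.
$minimal = htmlspecialchars($s, $flags, 'UTF-8');

// htmlentities() also rewrites every character that has a named entity.
$verbose = htmlentities($s, $flags, 'UTF-8');

// Both forms decode back to the same text, so a browser renders them identically.
$sameText = html_entity_decode($minimal, ENT_QUOTES | ENT_HTML401, 'UTF-8')
        === html_entity_decode($verbose, ENT_QUOTES | ENT_HTML401, 'UTF-8');

// Failure mode: without ENT_SUBSTITUTE an invalid byte sequence makes the
// function return an empty string; with it the bad byte becomes U+FFFD.
$dropped  = htmlspecialchars($bad, ENT_QUOTES, 'UTF-8');
$replaced = htmlspecialchars($bad, $flags, 'UTF-8');

// Second part of the question: make control characters visible inside <pre>.
// addcslashes() turns bytes 0x00-0x1F and 0x7F into C-style escapes; the
// result is then HTML-escaped like any other text.
$raw  = "line1\r\nline2\ttab\0nul <b>";
$dump = htmlspecialchars(addcslashes($raw, "\0..\37\177"), $flags, 'UTF-8');

echo "htmlspecialchars: $minimal\n";
echo "htmlentities:     $verbose\n";
echo 'same text after decoding: ', var_export($sameText, true), "\n";
echo 'invalid UTF-8, no ENT_SUBSTITUTE: ', var_export($dropped, true), "\n";
echo 'invalid UTF-8, ENT_SUBSTITUTE:    ', var_export($replaced, true), "\n";
echo "<pre>$dump</pre>\n";
```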


Convert special characters from PHP variables? [duplicate]

This question already has answers here:
PHP URL Encoding / Decoding
(4 answers)
Closed 8 years ago.
I can print a url with the following:
<?php print $base_url . $node_url ?>
What is the standard PHP way of converting special characters?
So instead of: http://time.com/3525666/ebola-psychology-fear-symptoms/
I need http%3A%2F%2Ftime.com%2F3525666%2Febola-psychology-fear-symptoms%2F
You would use urlencode for that sort of escaping.
Other escaping functions exist for other purposes, like htmlspecialchars for making text output safely for HTML display.
Use this function in PHP; it is a built-in function to encode in URL format:
urlencode();
Just to add, htmlspecialchars, as mentioned above in the comment, can take care of a few HTML entities, not all of them.
Use htmlentities() instead:
$query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
echo '';
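The two encoding layers the answers above refer to, applied in order: urlencode() per query value, then HTML escaping of the finished URL for the attribute it is written into. This is an added example, not code from the posts; the values and the mypage.php target are constructed, and $foo and $bar reuse the variable names from the snippet above.

```php
<?php
// Constructed values containing characters that are special in a query string.
$foo = 'R&D 100%';
$bar = 'a=b/c?d#e';

// Layer 1: encode each value for the query-string context.
$query = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);

// http_build_query() applies the same per-value encoding in one call.
$built = http_build_query(['foo' => $foo, 'bar' => $bar]);

// Round trip: the receiving side gets the original values back.
parse_str($query, $decoded);
$roundTripOk = ($decoded['foo'] === $foo && $decoded['bar'] === $bar);

// Failure mode: concatenating raw values lets the '&' inside $foo split the
// parameter, so the receiver sees different keys and a truncated value.
parse_str('foo=' . $foo . '&bar=' . $bar, $broken);

// Layer 2: the URL is now text going into an HTML attribute, so it is
// HTML-escaped as a whole ('&' between parameters becomes '&amp;').
$href = htmlspecialchars('mypage.php?' . $query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// The case from the question: a complete URL passed as a single value.
// urlencode() writes a space as '+', rawurlencode() writes it as '%20'.
$shared = 'http://time.com/3525666/ebola-psychology-fear-symptoms/';

echo "query:          $query\n";
echo 'same as built:  ', var_export($query === $built, true), "\n";
echo 'round trip ok:  ', var_export($roundTripOk, true), "\n";
echo 'raw concat:     ', json_encode($broken), "\n";
echo "anchor:         <a href=\"$href\">link</a>\n";
echo 'url as value:   ', urlencode($shared), "\n";
echo 'space handling: ', urlencode('a b'), ' vs ', rawurlencode('a b'), "\n";
```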

PHP function to securely encode characters for multiple purposes [duplicate]

This question already has answers here:
Enclosing the string with double quotes
(3 answers)
Closed 8 years ago.
I am trying to build a function (unless there is already one, I was not able to find one) that satisfies:
being saved in a MySQL database → mysqli_real_escape_string
being saved in a serialized array in a MySQL database (I had issues when unserialize failed)
as for output:
doesn't interfere with HTML → utf8_encode(htmlentities($source, ENT_QUOTES | ENT_HTML401, 'UTF-8'));
doesn't interfere with it being a query in a URL, thus encoding the '&','%'
Please give me any advice if there is an idea on how to improve secure encoding.
And I am not sure about the functions given, whether they are the best to be used.
I also had issues with non-printable characters and tried
PHP: How to remove all non printable characters in a string?
$s = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\x9F]/u', '', $s);
EDIT
Because of the diversity of this question, I want to substantiate the question on how to clean a string that is an element of an array that is put with serialize() in a database?
For instance, I had a failure when trying to unserialize after having put a string containing a newline (\n or \r) into a string element of an array that has been serialized successfully...
EDIT_2
The reason for why I have tried to issue encoding HTML entities before saving them into the DB using mysqli_real_escape_string() is that when recalling/loading this object from the DB, the data has changed. For example, a user wants to put the string test'test into the database that is encoded by mysqli_real_escape_string() to test\'test, and then when loaded from the DB it's still test\'test, which is NOT what the user wants to have, nor what he has sent. Please, if you could find a solution for this -- mine was to apply sth. like where mysqli_real_escape_string() had no effect as the quotes have already been HTML encoded.
From the top of my head, I feel you should try json_encode and json_decode
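One way to keep each encoding in its own layer for the cases raised in this question: bound parameters for SQL, json_encode/json_decode (as suggested above) for structured data in a column, and HTML escaping only at output. This is an added example, not code from the posts; it assumes the pdo_sqlite extension and uses an in-memory SQLite database so it runs without a MySQL server (mysqli prepared statements bind values in the same way), and the table and column names are hypothetical.

```php
<?php
// Constructed input: a quote, markup and a newline, the cases from the question.
$input = "test'test <b>bold</b>\nsecond line";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT, meta TEXT)');

// Storage layer: bound parameters travel separately from the SQL text, so the
// raw value is stored. No backslashes and no HTML entities end up in the row.
$stmt = $pdo->prepare('INSERT INTO notes (body, meta) VALUES (:body, :meta)');
$stmt->execute([
    ':body' => $input,
    // Structured data goes in as JSON; newlines and quotes are escaped by
    // the format itself and restored by json_decode().
    ':meta' => json_encode(['title' => $input, 'tags' => ['a', 'b']], JSON_THROW_ON_ERROR),
]);

$row  = $pdo->query('SELECT body, meta FROM notes WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
$meta = json_decode($row['meta'], true, 512, JSON_THROW_ON_ERROR);

// Checks that what comes back is byte-for-byte what the user sent.
$bodyIntact = ($row['body'] === $input);
$metaIntact = ($meta['title'] === $input);

// Output layer: escape for HTML at the moment of echoing, never before storing.
$html = nl2br(htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

echo 'body intact: ', var_export($bodyIntact, true), "\n";
echo 'meta intact: ', var_export($metaIntact, true), "\n";
echo "<p>$html</p>\n";
```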

Removing/Replacing ” from string [duplicate]

Closed 11 years ago.
Possible Duplicate:
How to decode numeric HTML entities in PHP
How does one remove/replace ” characters from a string?
I've tried html_entity_decode but it doesn't seem to work. There are other similar characters in the string that don't seem to be converted or removed.
Any ideas?
The issue is that html_entity_decode() doesn't translate numeric entities.
I added an answer to the suggested duplicate How to decode numeric HTML entities in PHP
str_replace(array('”', '”'), '', $thestring);
Here is a working example: http://codepad.org/gXrZcxaF
Does this do what you're looking for:
http://shiflett.org/blog/2005/oct/convert-smart-quotes-with-php Converting smart quotes and other characters with PHP so they display correctly
http://ca2.php.net/manual/en/function.htmlentities.php#84612 Dealing with Numeric entities in PHP (comment on the manual)

php functions binary safe? [duplicate]

Closed 12 years ago.
Possible Duplicate:
In PHP what does it mean by a function being binary-safe ?
What exactly does it mean that a function (example: dirname) is binary safe?
It means two things. First the function works on strings that contain \0 the NUL byte. This is not a given, because functions are often implemented in C which would treat that as string terminator. PHP however uses length-denominated strings.
Second, in some contexts it means that a particular string function ignores the character set and does not try to interpret UTF-8 sequences. For raw binary data the UTF-8 sequencing would be wrong, thus making functions fail if they try to treat it as text.
It means that the data will not be interpreted as text.
It means that binary data can pass through the function, and it won't be treated as text. Sometimes if you have string functions and you try to use them for raw binary data (such as a string replace function in other languages), they will garble your data.
Perhaps a better description at http://en.wikipedia.org/wiki/Binary-safe

Converting fractions to html entities [duplicate]

This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 9 months ago.
We've got some fraction information stored in the database, e.g. ¾ ½
Short of doing a search and replace, are there any inbuilt PHP functions that will automatically convert these to proper html entities?
You can use the htmlentities() function. This will replace all special characters with their HTML equivalent. It should do the job.
htmlentities.
But you probably don't need to. Serve your page in an encoding that includes them (UTF-8, ISO-8859-1) and you can include those as literal, unescaped characters.
The answer is already given: use htmlentities(). In addition, the use of UTF-8 has been suggested, which of course is a really good idea. However, if you're planning on using htmlentities() on UTF-8 strings, use the following code (or you'll get weirdly encoded characters):
htmlentities($str, ENT_COMPAT, 'UTF-8')
As you can imagine, it sucks having to add the second and third argument all the time. For most projects I need htmlentities() in, I end up writing a shortcut function, i.e.:
function he($str) { // shortcut function for htmlentities() with UTF-8 settings
    return htmlentities($str, ENT_COMPAT, 'UTF-8');
}
try htmlentities()
