This question already has answers here:
Best practice for PHP output
(3 answers)
Closed 9 years ago.
I have an html form that when users fill out, the information is processed and encoded into an email. The issue that keeps arising is when my company receives user emails the encoding turns colons, semi-colons, ampersands and commas into :, ;, & and , which makes emails difficult to read.
As a newcomer to PHP and encoding I'm not sure which approach to take. Should I convert the email to an html format or should I remove the encoding altogether? Could someone provide information/guidance on approaching this conflict?
Thanks in advance!
Should I convert the email to an html format
It will be a better way; use html_entity_decode() to convert : into readable chars.
If I'm understanding you right, the people filling out the form are putting in punctuation or chars that are being converted to ASCII. To stop this use:
$yourvariable = htmlspecialchars($_POST['your input field'], ENT_QUOTES);
This should strip out most of the nasty stuff.
You can use HTMLEntities, which converts applicable characters to HTML entities.
Also, strip_tags works, when you want to remove html tags from a message.
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 7 years ago.
I have a string in PHP as follows:
shows that he/she is a firm believer in “If it ain’t broke, don’t fix it” or “leave well enough alone”
When I print this string it outputs something like this:
shows that he/she is a firm believer in “If it ain’t broke, don’t fix it†or “leave well enough aloneâ€
How can I print this exactly as the first one? Is there any solution?
Ensure that your source code file uses the same charset as the browser interpreting your file. For example if you store your source code as utf-8, be sure to tell the browser to use utf-8 too:
<meta charset="utf-8">
If the text comes from a database or a file, ensure the table/file uses the same charset too.
try with,
print_r(utf8_encode($text));
This question already has answers here:
when to use htmlspecialchars() function?
(4 answers)
Closed 9 years ago.
I need to convert my strings to special characters using:
htmlspecialchars
My question is, should I convert my data before submitting it to a database or should I convert it before I display it?
You should sanitize data before inserting it into a database, and escape it on retrieval.
htmlspecialchars is used for escaping, so it should be after you’ve fetched it from the database.
It makes the data safe to insert into an HTML document. Use it before you insert it into an HTML document, not a database.
It's generally the better idea to not modify source data before storing it. It will tie your data to the specific context you're using it in. What if you ever need a different way of displaying it, e.g. in a PDF, or text format? Then you will have the html entities in your text and would need to convert them back.
IMHO performance considerations are secondary in this regard; one can still make use of caching technologies for views for this.
So, on the bottom line I suggest you always prepare your strings before display.
I'm assuming the data is already escaped sanitised before you put it into the database so it is safe. From there, I try to change the data as little as possible on the way to the database.
The thing to remember is that maybe you're using the copy now on your website, but later down the line you may like to use it on a different device or on print. If you use htmlspecialchars before it goes to the database, you'll have to clean it up if you want to use it for something other than HTML. Formatting dates as strings before putting them into a database is a common one, but when you want to change the format...
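The answers above agree on storing the raw value and encoding it at output time, which is also what the form-to-email question at the top of the page runs into. The following added example (not code from any of the posts) shows one stored string rendered for two contexts and what happens when it is escaped before storage; the function names and the sample string are constructed for illustration.

```php
<?php
// Constructed sample standing in for a raw value read back from the database.
$stored = 'Tom & Jerry: "cats" <mice>; it\'s 5 > 3';

// HTML page context: escape at the moment of output.
function forHtml(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Plain-text e-mail body: no HTML escaping, the mail client shows text verbatim.
// Only the line endings are normalised to CRLF.
function forPlainTextMail(string $raw): string
{
    return preg_replace('/\r\n|\r|\n/', "\r\n", $raw);
}

// Anti-pattern: escaping before storage ties the data to HTML.
$escapedAtInsert = forHtml($stored);

// Displaying that stored value with a second escape shows literal entities.
$doubleEscaped = forHtml($escapedAtInsert);

// Sending it as plain-text mail shows the entities too (the first question's symptom).
$mailFromEscaped = forPlainTextMail($escapedAtInsert);

// Data already stored with entities can be converted back once, then treated as raw.
$recovered = html_entity_decode($escapedAtInsert, ENT_QUOTES | ENT_HTML5, 'UTF-8');

echo "HTML output:         ", forHtml($stored), PHP_EOL;
echo "Plain-text mail:     ", forPlainTextMail($stored), PHP_EOL;
echo "Double escaped:      ", $doubleEscaped, PHP_EOL;
echo "Mail from escaped:   ", $mailFromEscaped, PHP_EOL;
echo "Recovered == stored: ", var_export($recovered === $stored, true), PHP_EOL;
```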
This question already has answers here:
Sitemap urls with special characters [closed]
(6 answers)
Closed 9 years ago.
I want to submit my sitemap to Google, but I don't want to mess anything up. I am also having trouble with the URLs to submit; some of them have special characters in them such as the ampersand (&) symbol and parenthesis (). I just want to know what is the correct way to handle them?
I am currently using PHP's urlencode(), which turns them into %28, %29 and so on which doesn't really look too good and I am scared if I give Google those links and they go on to index them they will index them as
domain.com/blabla%28blabla.html
Rather than
domain.com/blabla&blabla.html
Are you generating the XML by hand? Please consider using something like the PHP DOM classes instead.
You'll actually want to encode ampersands as &amp;amp;, etc., but it's really best to let a library emit well-formed XML for you.
See Generating XML document in PHP (escape characters) for more discussion of this.
urlencode() is the right function to use. You definitely don't want ampersands in your URL because they are a special character used to form a URL (for passing GET variables).
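Two encodings are in play in the answers above: percent-encoding inside the URL, and XML escaping of the finished URL inside the sitemap. This added example (not code from the posts) applies both, letting DOMDocument do the XML escaping; example.com, the sample paths and the helper name buildUrl are assumptions.

```php
<?php
// Constructed sample pages: base URL, path segments, query parameters.
$pages = [
    ['https://example.com', ['blabla(blabla).html'], []],
    ['https://example.com', ['shop', 'cats & dogs.html'], ['q' => 'a&b', 'page' => '2']],
];

// Layer 1: percent-encode each path segment and each query value separately,
// so the "/" "?" and "&" that structure the URL stay literal.
function buildUrl(string $base, array $segments, array $query): string
{
    $path = implode('/', array_map('rawurlencode', $segments));
    $url  = rtrim($base, '/') . '/' . $path;
    if ($query !== []) {
        $url .= '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    }
    return $url;
}

// Layer 2: XML escaping. Text nodes are escaped by the serializer, so the "&"
// that separates query parameters is written as an entity in the file.
function buildSitemap(array $pages): string
{
    $ns  = 'http://www.sitemaps.org/schemas/sitemap/0.9';
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;

    $urlset = $doc->createElementNS($ns, 'urlset');
    $doc->appendChild($urlset);

    foreach ($pages as [$base, $segments, $query]) {
        $url = $doc->createElementNS($ns, 'url');
        $loc = $doc->createElementNS($ns, 'loc');
        $loc->appendChild($doc->createTextNode(buildUrl($base, $segments, $query)));
        $url->appendChild($loc);
        $urlset->appendChild($url);
    }
    return $doc->saveXML();
}

echo buildSitemap($pages);
```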
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
UTF-8 all the way through
Either by using file_get_contents() or curl functions, output is wrong, to be specific, east-european č and ć latin characters are always replaced by nasty characters, šđž sometimes, depends if I'm trying something with changing internal encoding of PHP - it only gets worse.
Yes, I've read similar topics, but with following these instructions, things get worse.
Does anyone have solution? Thanks in advance.
It's likely that you try to display the data with the wrong encoding. If the data you're accessing with file_get_contents/curl is a remote html page, read the Content-Type from the header or tag and convert the encoding using iconv.
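The procedure in the answer above (take the charset from the Content-Type header or the meta tag, then convert with iconv), as an added example that is not part of the original post. The header value and body bytes are constructed samples, the function names are hypothetical, and the mbstring extension is assumed for the validity check.

```php
<?php
// Constructed sample: what a remote ISO-8859-2 page would deliver.
$contentType = 'text/html; charset=ISO-8859-2';
$body = "<p>\xE8 \xE6 \xB9 \xF0 \xBE</p>"; // č ć š đ ž as ISO-8859-2 bytes

// Prefer the HTTP header, fall back to a <meta> declaration in the markup.
function detectCharset(string $contentType, string $body): ?string
{
    if (preg_match('/charset\s*=\s*"?([A-Za-z0-9._:-]+)/i', $contentType, $m)) {
        return $m[1];
    }
    if (preg_match('/<meta[^>]+charset\s*=\s*["\']?([A-Za-z0-9._:-]+)/i', $body, $m)) {
        return $m[1];
    }
    return null;
}

// Convert exactly once, from the declared charset to UTF-8.
function toUtf8(string $body, ?string $charset): string
{
    if ($charset === null || strcasecmp($charset, 'UTF-8') === 0) {
        // Nothing to convert: accept only bytes that really are valid UTF-8.
        if (mb_check_encoding($body, 'UTF-8')) {
            return $body;
        }
        throw new RuntimeException('Body is not valid UTF-8 and declares no other charset');
    }
    // iconv() returns false for an unknown charset or an invalid byte sequence.
    $converted = @iconv($charset, 'UTF-8', $body);
    if ($converted === false) {
        throw new RuntimeException("Cannot convert from {$charset} to UTF-8");
    }
    return $converted;
}

$charset = detectCharset($contentType, $body);
$utf8    = toUtf8($body, $charset);

// When serving this to a browser, declare the same charset that was produced:
// header('Content-Type: text/html; charset=utf-8');
echo $charset, ': ', $utf8, PHP_EOL;
```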
How to allow these types of HTML tags inside the textarea for PHP into MySQL? The simple ones maybe... <b>, <i>, <u> etc.
Thank you.
The php function strip_tags can be used for stripping all html tags except for $allowable_tags. Which can be specified like this:
strip_tags($textareaUserInput, '<b><i><u>');
I guess it's something like this that you want. However this doesn't solve possible problems with special characters that need to be escaped.
Also: Have a look at HTML Purifier as @Phil suggests in his comment. This is especially a good idea if you are worried about security loopholes like XSS and such, because strip_tags won't be good enough if you allow certain tags to persist.
You can leave HTML-tags as is, because both PHP and MySQL don't have problems with that. When retrieving data from the database and placing it inside the textarea, make sure to use htmlspecialchars() to convert characters with a special meaning to HTML-entities.
For example < will be converted to &amp;lt;.
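Both answers above touch the same gap: strip_tags() with an allow-list keeps the attributes of the tags it allows, and the stored value still needs escaping when it goes back into a textarea. This added example (not code from the posts) shows the gap and a narrow alternative that escapes everything and re-enables only attribute-free tags; allowBareTags is a hypothetical helper and the input is a constructed sample.

```php
<?php
// Constructed sample submission from the textarea.
$input = 'Hello <b>bold</b> and <i onmouseover="alert(1)">italic</i> & more';

// strip_tags() keeps <i> as allowed, including its event-handler attribute.
$viaStripTags = strip_tags($input, '<b><i><u>');

// Alternative for simple formatting only: escape the whole string, then turn
// back exactly the attribute-free forms of the allowed tags. A tag carrying
// any attribute, or written in another case, stays escaped and inert.
// Unbalanced tags are not repaired; that affects layout, not script execution.
function allowBareTags(string $raw, array $tags = ['b', 'i', 'u']): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    foreach ($tags as $tag) {
        $safe = str_replace(
            ["&lt;{$tag}&gt;", "&lt;/{$tag}&gt;"],
            ["<{$tag}>", "</{$tag}>"],
            $safe
        );
    }
    return $safe;
}

// Refilling the edit form: the raw stored value is escaped in full, so the
// user sees the markup they typed and the browser never interprets it.
function forTextarea(string $raw): string
{
    return '<textarea name="body">'
        . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</textarea>';
}

echo "strip_tags:    ", $viaStripTags, PHP_EOL;
echo "allowBareTags: ", allowBareTags($input), PHP_EOL;
echo "textarea:      ", forTextarea($input), PHP_EOL;
```

For anything beyond attribute-free tags (links, images, styles), use the HTML Purifier library the first answer recommends.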