So i have in my mysql
'UAB "Litofcų kontora"'
When i try to put it in input like this
<input type="text" value="UAB "Litofcų kontora""> it don't display whole thing because of the quotes how to make that only quotes replace with a html code?
tried htmlentities and htmlspecialchars but it converts ų to but i need that to be the way it's don't covert.
You have (only) to replace all " with " before outputing the input value. E.g. with str_replace:
$sInputValue = str_replace('"', '"', $sValueFromDb);
echo '<input type="text" value="' . $sInputValue . '">';
Also see this php exmaple and the resulting html example.
It looks like your problem is that the data has been encoded for HTML but only for use as a text node.
The solution therefore is to convert it from HTML to text, and then convert it back to HTML - but in a fashion suitable for putting in an attribute.
preg_replace_callback code from this comment in the PHP manual because html_entity_decode appears to not support numeric entities.
$input = 'UAB "Litofcų kontora"';
$attribute_safe = htmlspecialchars(
html_entity_decode(
preg_replace_callback(
"/(&#[0-9]+;)/",
function($m) { return mb_convert_encoding($m[1], "UTF-8", "HTML-ENTITIES"); },
$input
)
)
);
echo $attribute_safe;
Related
I'm using textarea to get data that I insert into a database.
I'm using htmlspecialchars() to get rid of the single quotes and double quotes but it doesn't convert new lines into something so I'm left with a very long piece of code that doesn't have new lines and looks messy.
I've checked the manual but I can't find how to convert it.
How would I do this?
EDIT:
My intended output is the same as what the user inputted.
So if they inputted into the textarea...
Hi
This is another line
This is another line
It would store into the database like...
Hi\r\nThis is another line\r\n This is another line.
or something like that.
Then when I echo it again then it should be fine.
Anthony,
If you are referring to when you get it back out and you want it to look nice, and you aren't putting it back into a textarea, you can use the mythical function nl2br() to convert new line characters into HTML characters.
$data = 'Testing\r\nThis\r\nagain!\r\n';
echo nl2br($data);
This results in:
Testing
This
again!
I believe what you are looking for is
nl2br($string);
That will convert the returns to <br> tags
I will also give you this script that has worked well for me in the past when nl2br does not.
$remove = array("\r\n", "\n", "\r", "chr(13)", "\t", "\0", "\x0B");
$string = str_replace($order, "<br />", $string);
It should be:
<?php
addslashes( strip_tags( nl2br( $data ) ) );
?>
addslashes : will escape quotes to prevent sql injection
strip_tags : will remove any html tags if any
nl2br : will convert newline into <br />
I have user input and use htmlentities() to convert all entities.
However, there seems to be some bug. When I type in
ääää öööö üüüü ääää
I get
ääää öööö üüüü ääää
Which looks like this
ääää öööö üüüü ääää
What am I doing wrong? The code is really only this:
$post=htmlentities($post);
EDIT 1
Here is some more code that I use for formatting purposes (there are some helpful functions it them):
//Secure with htmlentities (mysql_real_escape_string() comes later)
$post=htmlentities($post);
//Strip obsolete white spaces
$post = preg_replace("/ +/", " ", $post);
//Detect links
$pattern_url='~(?>[a-z+]{2,}://|www\.)(?:[a-z0-9]+(?:\.[a-z0-9]+)?#)?(?:(?:[a-z](?:[a-z0-9]|(?<!-)-)*[a-z0-9])(?:\.[a-z](?:[a-z0-9]|(?<!-)-)*[a-z0-9])+|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?:/[^\\/:?*"<>|\n]*[a-z0-9])*/?(?:\?[a-z0-9_.%]+(?:=[a-z0-9_.%:/+-]*)?(?:&[a-z0-9_.%]+(?:=[a-z0-9_.%:/+-]*)?)*)?(?:#[a-z0-9_%.]+)?~i';
preg_match_all($pattern_url, $post, $matches);
for ($i=0; $i < count($matches[0]); $i++)
{
if(substr($matches[0][$i],0,4)=='www.')
$post = str_replace($matches[0][$i],'http://'.$matches[0][$i],$post);
}
$post = preg_replace($pattern_url,'<a target="_blank" href="\\0">\\0</a>',$post);
//Keep line breaks (more than one will be stripped above)
$post=nl2br($post);
//Remove more than one linebreak
$post=preg_replace("/(<br\s*\/?>\s*)+/", "<br/>", $post);
//Secure with mysql_real_escape_string()
$post=mysql_real_escape_string($post);
You must manually specify the encoding (UTF-8) for htmlentities():
echo htmlentities("ääää öööö üüüü ääää", null, "UTF-8");
Output:
ääää öööö üüüü ääää
it is important that 3th parameter of htmlentities matches the character set that uses the post. I supouse, you are NOT submiting utf8, as it is the default in htmlentities
in PHP
$post = htmlentities ( $post, ENT_COMPAT, 'ISO-8859-1') // or whatever
in Form
<form action="your.php" accept-charset="ISO-8859-1">
anyway, actualy I recommend you to use utf8
I was provided with a set of data that represents URL links. Such as: "doug'sfood.jpg".
.
I keep these strings in an array, and then select them randomly to display inserting them into an
<img src="doug'sfood.jpg"></img>
What Chrome is putting out is:
<img src="doug'sfood.jpg"></img>
I tried replacing the quotes with a php escaped (\') apostrophe, but this just ended the quote prematurely.
Can someone help me? Thanks.
I think Chrome automatically escapes characters that are not correctly escaped.
Always use:
<img src="quote'quote.jpg" alt="" />
Instead of:
<img src="quote'quote.jpg" alt="" />
Certain characters should always be escaped in HTML, for example:
' -> '
& -> & or &
Check the htmlspecialchars() and urlencode() functions, example:
$string = "quote'quote.jpg";
echo htmlspecialchars($string, ENT_QUOTES);
// quote'quote.jpg
echo urlencode($string);
// quote%27quote.jpg
Anyway, when printing out the filename tags, use urlencode() rather than relying on HTML escapes or browser behaviour:
foreach ($img as $href) {
print '<img src="' . urlencode($href) . '" />';
}
This will become doug%27sfood.jpg in your example (AKA the correct way to do it). Which hopefully can be located by your webserver.
How do I convert a string that has a - or + sign to a html friendly string?
I mean to convert those characters to html notations, like space is and so on...
ps: htmlentities doesn't work. I still see the -/+
Try this
$string = str_replace('+', '+', $string); // Convert + sign
$string = str_replace('-', '-', $string); // Convert - sign
I don't think there is entities for these symbols see: http://www.w3schools.com/tags/ref_entities.asp
I tested with
$str = "- and +"; echo htmlentities($str);
and didn't get entities. According to: http://us.php.net/manual/en/function.htmlentities.php
I would expect them to be encoded if there was encoding available.
No idea what you want to accomplish. But this escapes selected characters to html entities:
$html = preg_replace("/([+-])/e", '"&#".ord("$1").";"', $html);
As far as I am aware, - and + are fine in HTML, and dont have an entity equivalent. See http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
Are you sure you're not thinking of URL encoding?
Specify that you want it to use unicode as follows:
htmlentities($str, ENT_QUOTES | ENT_IGNORE, "UTF-8");
Have a look at the 2nd comment on this page:
http://www.php.net/manual/en/function.htmlentities.php#100388
This will enable more encoding characters.
If you just want to encode some, then this is a little lighter weight:
<?php
$ent = array(
'+'=>'+',
'-'=>'+'
);
echo strtr('+ and -', $ent);
?>
I would like to know If I can use a php function on a variable that contains delimiters like ' or ". I'm receiving a text content from my database and I would like to use: strip_tags($desc); on it but it does not work.
Here is an example of what it can contain using var dump:
string(1039) ""txt txt . txt'txt txt txtxtxtxt& " "
I guess you want to remove all tags. You should use the builtin function strip_tags() instead.
I'm assuming you want to work on the variable, not strip out the tags, then use this:
<?php
$str = "A 'quote' is <b>bold</b>";
// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str);
// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str, ENT_QUOTES);
?>
htmlentities, will make your ' & " safe to handle, then you can convert them back after if needed.
Reference for code: http://us2.php.net/manual/en/function.htmlentities.php
Try not to use ereg_replace as it is going to be discontinued.
ereg_replace
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
strip_tags
That said do you want to change all those chars to empty or are you trying to strip the tags? You can also convert the chars to the html_entities.
$desc = strip_tags($desc);