This question already has an answer here:
Closed 11 years ago.
Possible Duplicate:
replace & for &
For a wordpress page to be validated, all & should be replaced with &
I know java but i do not know PHP. So how do i do this in wordpress?
Use htmlspecialchars before printing:
$text = htmlspecialchars($text)
You can escape ampersands & as well as quotes and brackets using the htmlspecialchars() function.
Like the others said, htmlspecialchars() works. Also check out htmlentities() which has a broader range of characters to replace for further scrubbing of the string.
Related
This question already has answers here:
Why is "®" being rendered as "®" without the bounding semicolon
(8 answers)
Should an ampersand be URL encoded in a query string?
(2 answers)
Closed 2 years ago.
I have with an unwanted replaced, and not able to figure out how to fix it.
When you echo the following string in PHP
echo('?hash=123&rid=111×tamp=123');
The output is:
?hash=123&rid=111×tamp=123
Note that ×tamp has been replaced with ×tamp
I tried to escape it by using \×tamp but that doens't work.
How can I prevent PHP replacing this?
You can reproduce this error online using http://phptester.net/
You have to escape that string, because & is a special symbol in HTML.
echo htmlspecialchars('?hash=123&rid=111×tamp=123');
More information on the PHP site: https://www.php.net/manual/en/function.htmlspecialchars.php
This question already has answers here:
How to use str_replace to replace single and double quotes
(7 answers)
Closed 4 years ago.
I'm having trouble replacing a single quote in a string, the purpose is to create part of an URL
For example : If I type in "Villeneuve d'ascq" I would want to have :
Villeneuve+d%27ascq", %27 being the ascii equivalent of (')
I tried using str_replace("'", ord("'"), string_name) but it doesn't seem to work
Any help would be appreciated and feel free to ask for any more details
Please try this :
echo 'test';
You can also check this at :
PHP MANUAL
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 8 years ago.
I have a string which is a path and is a variable in which I have to save in my database. But the path is
C:\foldera\folderb\folder1\folder2
and obviously I need it to be
C:\\foldera\\folderb\\folder1\\folder2
for the insertion in database of mysql.
Please help me find the solution. I tried str_replace but it won't work.
Thanks in advance.
The function you are looking for is addslashes($string); This function adds the slashes to turn your string into the string you are looking for. But if you are planning on using it as a parameter in an SQL statment you want to use mysqli_real_escape_string()
Also use single quotes in the string in order for addslashes() to work properly. double quotes will parse it as \f not just '\'.
This question already has answers here:
How can I properly escape HTML form input default values in PHP?
(3 answers)
Closed 8 years ago.
http://pastebin.com/Jti6DWU6 <--
This is a script in which there are 3 forms and i want to prevent special chars in the first field to prevent iFrame Injection...
I suck at programming
Can anyone help me with this?
You may use htmlspecialchars, that's what that function is for.
Check the manual.
Here's an example from the manual:
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
Just add the string to the 1st argument of the function. The 2nd will tell the function how to handle quotes. In the example above, it will convert both double and single quotes.
Classical protection that google could have provide you in a few seconds...
htmlspecialchars or htmlentities is the way to go.
https://php.net/htmlspecialchars
https://php.net/htmlentities
This question already has answers here:
How do I escape special characters in MySQL?
(8 answers)
Closed 8 years ago.
i was wondering how can i include everything written on my textbox to be inserted in mysql database
for example:
textbox = "{\buildrel{\lim}"
but what happens is the \ (backslash) remove 'b' and 'l' and the data inserted to my database will be
{uildrelim} somewhat like this, it might come up removing the { } as well
so is there any techniques or method you can advise? so that everything i put in my textbox will be inserted to my database as it is.
I found this solution:
i just need to use the str_replace() method to replace single \ with double \\
$textbox = str_replace('\\\','\\\\\\\',$textbox);
where {\buildrel{\lim} will be {\\\buildrel{\\\lim}
No, You dont use str_replace(), you have addslashes() and stripslashes(), those two are the two functions you are looking for.
Changing a string with str_replace functions isnt a smart thing to do. Those functions aren't created with this in mind, the add/striposlashes are. You might forget a character which you needed to str_replace with a slash.
Also, that whole battery of slashes and escaping slashes doesnt make your code very readable :P