SitePoint Sponsor

User Tag List

Results 1 to 2 of 2

Thread: A quick question on htmlspecialchars

  1. Oct 25, 2011 02:21 #1
    Divisive Cotton
    Divisive Cotton is offline
    SitePoint Addict Divisive Cotton's Avatar
    Join Date
    Jun 2008
    Location
    Andy lives in London, UK
    Posts
    393
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    A quick question on htmlspecialchars

    If filter input and escape output is the correct approach then using htmlspecialchars like below is the correct way, yes?

    Code:
    $body = "Body text";

$body = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');

return $body;
    But say for instance the body text has a html link within it then the will be converted to this:

    Code:
    <a href="http://www.appmobi.com/?q=node/66">AppMobi App School</a>
    Which means that instead of displaying a clickable link the html page displays the code like so:

    Code:
    <a href="http://www.appmobi.com/?q=node/66">AppMobi App School</a>
    Let everyday be Christmas
    Reply With Quote Reply With Quote
  2. Oct 25, 2011 08:02 #2
    ahundiak
    ahundiak is offline
    SitePoint Evangelist
    Join Date
    Nov 2003
    Location
    Huntsville AL
    Posts
    538
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You don't use htmlspecialchars on a complete page. Instead, you need to selectively apply it to content areas. In your example:
    PHP Code:
    <a href="http://www.appmobi.com/?q=node/66">
      <?php echo htmlspecialchars('AppMobi App School'); ?>
    </a>
    That protects you against the possibility that a school's name might include <>&'
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules