  1. #1 Divisive Cotton (SitePoint Addict), joined Jun 2008, London, UK

    A quick question on htmlspecialchars

    If "filter input, escape output" is the correct approach, then using htmlspecialchars like below is the correct way, yes?

    Code:
    <?php
    $body = "Body text";

    // Escape <, >, &, " and ' so the string is rendered as text, not as markup
    $body = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');

    return $body;
    But say, for instance, the body text has an HTML link within it; then it will be converted to this:

    Code:
    &lt;a href=&quot;http://www.appmobi.com/?q=node/66&quot;&gt;AppMobi App School&lt;/a&gt;
    Which means that instead of displaying a clickable link, the HTML page displays the code like so:

    Code:
    <a href="http://www.appmobi.com/?q=node/66">AppMobi App School</a>
    Let everyday be Christmas

  2. #2 SitePoint Guru, joined Nov 2003, Huntsville AL
    You don't use htmlspecialchars on a complete page. Instead, you need to selectively apply it to content areas. In your example:
    PHP Code:
    <a href="http://www.appmobi.com/?q=node/66">
      <?php // ENT_QUOTES is needed so the single quote is escaped as well ?>
      <?php echo htmlspecialchars('AppMobi App School', ENT_QUOTES, 'UTF-8'); ?>
    </a>
    That protects you against the possibility that a school's name might include <>&'
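
    The pattern described in both posts (escape each content area at the point it is put into the page, leaving the surrounding markup alone), as an added example that is not code from either poster. The helper names e() and safeHref() and the sample rows are assumptions made for the illustration; the scheme check on the href goes slightly beyond the thread, which only escaped the link text.

    ```php
    <?php
    // Added example (not from the thread): escape each untrusted content area
    // at the point it is placed into the page, leaving the surrounding markup
    // unescaped. Function and variable names here are illustrative.

    // Escape a value for use as HTML text or inside a double-quoted attribute.
    function e($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Escaping alone does not make an attribute value a safe link target, so
    // only http/https URLs are passed through; anything else becomes a harmless "#".
    function safeHref($url)
    {
        $scheme = parse_url($url, PHP_URL_SCHEME);
        if (in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
            return $url;
        }
        return '#';
    }

    // Constructed sample data standing in for rows that came from a database
    // or a form. The second title deliberately contains <, >, &, ' and ".
    $links = [
        ['href' => 'http://www.appmobi.com/?q=node/66', 'title' => 'AppMobi App School'],
        ['href' => 'https://example.com/',               'title' => 'Tom & Jerry\'s "<School>"'],
    ];

    // Render the list: the <ul>/<li>/<a> markup is ours and stays as-is; only
    // the data fields pass through e(), so they display as text.
    function renderLinks(array $links)
    {
        $html = "<ul>\n";
        foreach ($links as $link) {
            $html .= '  <li><a href="' . e(safeHref($link['href'])) . '">'
                   . e($link['title']) . "</a></li>\n";
        }
        return $html . "</ul>\n";
    }

    echo renderLinks($links);
    ```

    Running this prints two working links; the second title is emitted as `Tom &amp; Jerry&#039;s &quot;&lt;School&gt;&quot;`, so the browser shows the punctuation literally instead of treating it as markup, while the `<a>` tags written by the template remain clickable. This is the difference the reply is pointing at: the first post escaped the whole string, markup included, whereas only the data inside the markup should be escaped.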

