  1. #1
    SitePoint Wizard DoubleDee's Avatar

    htmlentities and a Form

    I thought I understood how htmlentities works, but I am very confused when it comes to using it with a Form...

    In my Form I have...

    PHP Code:
        <textarea id="comments" name="comments" cols="50" rows="15"><?php echo (isset($comments) ? str2htmlentities($comments) : ''); ?></textarea>

    So if I type this in the TextArea above and submit the Form...

    An unrelenting and <b>record-setting heat wave</b> peaked this weekend, beating a broad swath of states into sweaty submission, with above-normal triple-digit temps stretching from St. Louis to Washington.

    The searing heat withered crops in the fields, buckled roadways and caused a train derailment. At least 36 weather-related deaths have been reported since the temperatures first shot up 10 days ago.
    ...and then I access the command-line mysql client, shouldn't I see this in the table...

    An unrelenting and &lt;b&gt; record-setting heat wave &lt;/b&gt; peaked this weekend, beating a broad swath of states into sweaty submission...



    Debbie

  2. #2
    SitePoint Wizard lorenw's Avatar
    You are using htmlentities in the form, you should use it when you submit and process the form. Actually you should store the raw data and use htmlentities when you echo out the results.
    What I lack in acuracy I make up for in misteaks

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Quote: Originally Posted by lorenw
    You are using htmlentities in the form, you should use it when you submit and process the form. Actually you should store the raw data and use htmlentities when you echo out the results.
    You would not need to use htmlentities() on a Form.

    You have to apply htmlentities() to anything you output.

    However, a Sticky Form has output.

    So if I type this into my Form which has a maximum of 20 characters...

    <b>Debbie is cool!!!!!!</b>
    ...then it will be echoed back with an error message.

    Since the echoing back is OUTPUT, I would expect the line above to be converted to...

    &lt;b&gt; Debbie is cool!!!!!! &lt;/b&gt;
    And if I shorten it to...

    <b>Debbie is cool!!!</b>

    I would expect that output echoed in the Form to be saved into the database as...

    &lt;b&gt; Debbie is cool!!! &lt;/b&gt;

    Follow me?!


    Debbie

  4. #4
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    It won't happen that way, because the entities exist only in the HTML source, and HTML parsers interpret those entities as if they were the literal characters they represent, with the exception that they'll always be treated as content and not an HTML special character.
    "First make it work. Then make it better."

  5. #5
    SitePoint Member
    htmlentities are only used at submit and select data from database
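
The round trip that lorenw's and Jeff Mott's replies describe, as an added example that is not part of the thread: the entities exist only in the HTML source, the submitted value is the raw text, and escaping happens again only on output. Assumptions: `html_entity_decode()` stands in for the browser's HTML parser, an in-memory SQLite database (needs the `pdo_sqlite` extension) stands in for the MySQL table, and the helper `e()` and the `comment` table are hypothetical names.

```php
<?php
// Added example, not code from the thread. The input string is the one
// typed in post #3; everything else is constructed for illustration.
declare(strict_types=1);

// Hypothetical helper: escape for HTML output only, never before storage.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$typed = '<b>Debbie is cool!!!</b>';

// 1. The server renders the sticky form. Entities appear in the HTML source.
$htmlSource = '<textarea name="comments">' . e($typed) . '</textarea>';

// 2. The browser parses the source. The textarea's value is the decoded
//    text, and that decoded value is what the form submits.
preg_match('~<textarea[^>]*>(.*)</textarea>~s', $htmlSource, $m);
$submitted = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');

// 3. The server stores the raw value through a bound parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, body TEXT)');
$db->prepare('INSERT INTO comment (body) VALUES (?)')->execute([$submitted]);
$stored = $db->query('SELECT body FROM comment')->fetchColumn();

echo "HTML source : $htmlSource\n";
echo "Submitted   : $submitted\n";
echo "Stored      : $stored\n";

// 4. Escape when echoing the stored value into a page.
echo "Page output : " . e($stored) . "\n";

// 5. For contrast: a value that was already escaped before storage and is
//    escaped again on output ends up double-encoded.
echo "Double enc. : " . e(e($typed)) . "\n";
```

The "Stored" line shows the literal `<b>` tags, which is what the mysql client shows in the table when only the form output is escaped.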

