  1. #1
    SitePoint Guru
    Join Date
    Sep 2004
    Location
    Provo, UT
    Posts
    865
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Concat question when using htmlspecialchars

    $firstName = "Bénny";
    $lastName = "O'Drärön";


    print ("<input name='myData' type='text' value='".htmlspecialchars($firstName)." ".htmlspecialchars($lastName)."'>");

    Produces:

    Bénny O

    Apparently I am doing something wrong with the concatenation. Do you see anything amiss?

    Thanks!
    Convert your dollars into silver coins. www.convert2silver.com

  2. #2
    SitePoint Member parkerj's Avatar
    Join Date
    Nov 2010
    Location
    Boston, MA
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't think you are doing anything wrong. It is the apostrophe in the last name. Try escaping it like below, and see if that helps.

    PHP Code:
    $lastName = "O\'Drärön";

  3. #3
    SitePoint Guru
    Join Date
    Sep 2004
    Location
    Provo, UT
    Posts
    865
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Yes, but htmlspecialchars is supposed to handle slashes. I think the problem has something to do with the way I have done the concat. For whatever reason, the following version works. However, I was trying to do it with single quotes instead of double quotes:

    PHP Code:
    print ("<input name=\"myData\" type=\"text\" size=\"30\" maxlength=\"40\" value=\"".htmlspecialchars($firstName)." ".htmlspecialchars($lastName)." \">"); 
    Convert your dollars into silver coins. www.convert2silver.com

  4. #4
    SitePoint Member parkerj's Avatar
    Join Date
    Nov 2010
    Location
    Boston, MA
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I understand, that is why I posted that code. By trying to use single quotes, it was interpreting the apostrophe in the last name. Allow me to interpret how PHP was interpreting your code:

    PHP Code:
    ' " Bénny O'
    Do you see it now? PHP was interpreting the apostrophe as an end point of parsing the data.

  5. #5
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,314
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    busboy, I don't see anything wrong in the code you posted. And I copy-pasted it, and it ran just fine for me. That should mean that the real issue is elsewhere in the code you haven't posted.
    "First make it work. Then make it better."

  6. #6
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    73 Post(s)
    Tagged
    0 Thread(s)
    The answer to this I believe lies in PHP's htmlspecialchars options.

    By default, htmlspecialchars will NOT convert ' into the HTML entity . This is the default (ENT_COMPAT) mode.

    So when you execute your code as written, your output would be:

    PHP Code:
    <input name='myData' type='text' value='B#233;nny O'Dr#228;r#246;n'> 
    Note the coloring, and you'll see why you got what you did.

    If you want apostrophes to be converted, you'll have to specify that flag when you call htmlspecialchars;
    htmlspecialchars($lastName,ENT_QUOTES|ENT_HTML401)

    This will convert both " and ' to their HTML Entities.

    (EDIT: Yeah, and SP won't let me put in the special characters lol. I've removed the &'s in front of them to make it not-translate, but you get the picture.)
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.
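
Added example, not part of any post in this thread: it renders the thread's two names into the single-quoted `value` attribute with ENT_COMPAT and with ENT_QUOTES, then shows the field value an HTML parser would read back from each. The helper names `renderInput` and `parsedValue` are hypothetical, and `parsedValue` approximates attribute parsing with a regex. The flags are passed explicitly because the default changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 in PHP 8.1.

```php
<?php
// Added example (not from the thread). Save this file as UTF-8.

// Hypothetical helper: build the input field from the thread with given flags.
function renderInput(string $first, string $last, int $flags): string
{
    $value = htmlspecialchars($first, $flags, 'UTF-8')
           . ' '
           . htmlspecialchars($last, $flags, 'UTF-8');

    // Single-quoted attribute, as in the original question.
    return "<input name='myData' type='text' value='" . $value . "'>";
}

// Hypothetical helper: approximate how an HTML parser reads a single-quoted
// attribute. The value runs up to the next raw ', then entities are decoded.
function parsedValue(string $html): string
{
    if (!preg_match("/value='([^']*)'/u", $html, $m)) {
        return '';
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

$firstName = "Bénny";
$lastName  = "O'Drärön";

$cases = [
    // Encodes " but leaves ' untouched, so the apostrophe closes the attribute.
    'ENT_COMPAT' => ENT_COMPAT | ENT_HTML401,
    // Encodes both " and ', so the value is safe in either quoting style.
    'ENT_QUOTES' => ENT_QUOTES | ENT_HTML401,
];

foreach ($cases as $label => $flags) {
    $html = renderInput($firstName, $lastName, $flags);
    printf("%s\n  markup: %s\n  field:  %s\n\n", $label, $html, parsedValue($html));
}
```

With ENT_COMPAT the apostrophe ends the attribute early and the remaining text is parsed as further attribute content, which is why unescaped user input in a single-quoted attribute is also an injection risk; with ENT_QUOTES the full name survives.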

  7. #7
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,314
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    Whoops. Good catch, StarLion.
    "First make it work. Then make it better."

  8. #8
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,871
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by StarLion View Post

    (EDIT: Yeah, and SP won't let me put in the special characters lol. I've removed the &'s in front of them to make it not-translate, but you get the picture.)
    If you put &amp; on the front of entity codes as you enter them the & should display without converting the codes - or simply specify the code outside of a code box and it will not get converted at all.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

