Htmlentities and a Form

I thought I understood how htmlentities works, but I am very confused when it comes to using it with a Form…

In my Form I have…

	<textarea id="comments" name="comments" cols="50" rows="15"><?php echo (isset($comments) ? str2htmlentities($comments) : ''); ?></textarea>

So if I type this in the TextArea above and submit the Form…

An unrelenting and <b>record-setting heat wave</b> peaked this weekend, beating a broad swath of states into sweaty submission, with above-normal triple-digit temps stretching from St. Louis to Washington.

The searing heat withered crops in the fields, buckled roadways and caused a train derailment. At least 36 weather-related deaths have been reported since the temperatures first shot up 10 days ago.

…and then I access the command-line mysql client, shouldn’t I see this in the table…

An unrelenting and &lt;b&gt;record-setting heat wave&lt;/b&gt; peaked this weekend, beating a broad swath of states into sweaty submission…

:-/

Debbie

You are using htmlentities in the form; you should use it when you submit and process the form. Actually, you should store the raw data and use htmlentities when you echo out the results.

You would not need to use htmlentities() on a Form.

You have to apply htmlentities() to anything you output.

However, a Sticky Form has output.

So if I type in this into my Form which has a maximum of 20 characters…

<b>Debbie is cool!!!</b>

…then it will be echoed back with an error message.

Since the echoing back is OUTPUT, I would expect the line above to be converted to…

&lt;b&gt;Debbie is cool!!!&lt;/b&gt;

And if I shorten it to…

<b>Debbie is cool!!!</b>

I would expect that output echoed in the Form to be saved into the database as…

&lt;b&gt;Debbie is cool!!!&lt;/b&gt;

Follow me?!

Debbie

It won’t happen that way, because the entities exist only in the HTML source, and HTML parsers interpret those entities as if they were the literal characters they represent, with the exception that they’ll always be treated as content and not an HTML special character.

htmlentities is only used at submit and when you select data from the database.
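An added example (not code from the thread) of the pattern the replies describe: escape only when writing the value back into the HTML, store the raw posted text, and simulate the browser decoding the entities on resubmit. The in-memory SQLite table and the function names are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite table
// named `comments` (constructed here) to stand in for the real MySQL table.
declare(strict_types=1);

// Escape for an HTML context. htmlspecialchars covers & < > " ' which is
// all that matters on a UTF-8 page; htmlentities would also work.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Sticky form: the ONLY place the value is escaped is when it is written
// back into HTML. Returns the form markup.
function renderForm(?string $comments, ?string $error): string {
    $html = $error !== null ? '<p class="error">' . e($error) . '</p>' : '';
    return $html . '<textarea id="comments" name="comments" cols="50" rows="15">'
         . ($comments !== null ? e($comments) : '') . '</textarea>';
}

// On submit: store the RAW text with a prepared statement. No htmlentities here.
function storeComment(PDO $pdo, string $raw): void {
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
}

// What the browser does with the sticky form's value before re-posting it:
// its HTML parser turns &lt;b&gt; back into <b>, so the posted text is the
// literal text the user typed, never the entity form.
function browserResubmits(string $escapedInPage): string {
    return html_entity_decode($escapedInPage, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE comments (body TEXT)');

$typed = '<b>Debbie is cool!!!</b>';            // what the user typed (constructed)
$page  = renderForm($typed, 'Too long: 20 characters max.');
assert(str_contains($page, '&lt;b&gt;Debbie is cool!!!&lt;/b&gt;'));

$posted = browserResubmits(e($typed));        // what arrives in $_POST on resubmit
assert($posted === $typed);

storeComment($pdo, $posted);
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
assert($stored === '<b>Debbie is cool!!!</b>');  // raw tags in the DB, by design
echo renderForm($stored, null), PHP_EOL;      // escaped again on the way out
```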