Search DaniWeb - htmlentities()

htmlentities() Ã©Ã¨ 13 Years Ago by Geertc Hello, I have a problem with htmlentities(). I 'm missing something here, but I don'… set to utf-8, the result of [CODE]echo htmlentities('éè')[/CODE] is [COLOR="Red"]Ã©Ã¨[/COLOR]. Why isn…, I prepare the string as follows : [CODE]$name = htmlentities(mysqli_real_escape_string($dbc, trim($name)));[/CODE] In my database, I have… Re: htmlentities() Ã©Ã¨ 13 Years Ago by Geertc Is it necessary to manipulate user-input with htmlentities before inserting it into the database ? [CODE] $name … valid....and than prepare to insert in db $name = htmlentities(mysqli_real_escape_string($dbc, trim($name))); // next insert data in db… [/CODE] I've seen bits of code where 'htmlentities' is used, and 'strip_tags' is not used. (and… Re: htmlentities() Ã©Ã¨ 13 Years Ago by metalix Hey again. yes you definitely need to use htmlentities when outputting any user data. especially if that data is going inside a tag you will need to use htmlentities('',ENT_QUOTES) so it doesn't break your site Re: htmlentities() Ã©Ã¨ 13 Years Ago by diafol … use mysql_real_escape_string(), you've got all the quotes covered. Using htmlentities or striptags can be used when outputting to protect yourself… in utf8, I can't see the benefit in using htmlentities just to [B]store [/B]non-ASCII characters. Anybody have… Re: htmlentities() Ã©Ã¨ 13 Years Ago by Geertc Hey Ardav, That's the point. In my case, if I use htmlentities before storing data in my db, I have to change the size of my db-fields to 3 times the size they have now. If I don't use htmlentities, I save a lot of memory... Re: htmlentities() Ã©Ã¨ 13 Years Ago by diafol Yes, I'd leave the htmlentities personally. However, take heed of the need to increase your …Ã«rnÃ¢tiÃ´nÃ lizÃ¦tiÃ¸n (on the button!) The htmlentities('Iñtërnâtiônàlizætiøn') gives a… Re: htmlentities() Ã©Ã¨ 13 Years Ago by Geertc Thanks Metalix ! Does this mean that, if you webpages are utf-8 encoded, you don't really need to use the htmlentities()-function ? htmlentities() expects parameter 1 to be string 10 Years Ago by nadiam …="11" value="<?php if(@$fothers){echo htmlentities(@$fothers);} ?>"> but i got this error in…. <br /><b>Warning</b>: htmlentities() expects parameter 1 to be string, resource given in <… Re: htmlentities() expects parameter 1 to be string 10 Years Ago by nadiam …="11" value="<?php if(@$row){echo htmlentities(@$row);} ?>"> i got this error: <br… /><b>Warning</b>: htmlentities() expects parameter 1 to be string, array given in <… Re: htmlentities() expects parameter 1 to be string 10 Years Ago by pritaeas <input type="text" placeholder="0" name="febothers" size="11" value="<?php if(@$row){echo htmlentities(@$row['others']);} htmlentities ruining some characters 13 Years Ago by ErlendHL Hi! I have been making a chat program. In PHP I control user inputs with htmlentities so they can't write html. But this also ruins the precious æøåöüÿëäñ etc.. characters! Would it be safe to only remove the < and >s? Or is there another way to avoid this? Re: htmlentities ruining some characters 13 Years Ago by ErlendHL When I use htmlentities with the charset UTF-8, it works. Thanks for your help anyway :) Re: htmlentities() Ã©Ã¨ 13 Years Ago by metalix Try this code I found a while back [CODE]function charset_decode_utf_8($string) { if(@!ereg("[\200-\237]",$string) && @!ereg("[\241-\377]",$string)) { return $string; } $string = preg_replace("/([\340-\357])([\200-\277])([\200-\277])/e","'&#'.((ord('\\1')-224)*4096 + (ord('\\2')-128)*… Re: htmlentities() Ã©Ã¨ 13 Years Ago by diafol I've had problems with multibyte characters since before I could walk! Firstly, ensure everything is set to UTF-8 (head encoding and DB charset).7 Make sure that your files are saved as "UTF-8 without BOM". You can check this with a free-use editor like Notepad++. Non-US-ASCII (or whatever you want to call them) characters take up 2 … Re: htmlentities() Ã©Ã¨ 13 Years Ago by Geertc This has helped me a lot, thanks ! how to escape some html tags from htmlentities 12 Years Ago by aaloo …gt; tags in my post. but I m also using htmlentities function for "post" string variable ( like this …-- <?php echo htmlentities($post); ?> ) to prevent sql injection attack. this htmlentities function will show my tags as… is there any way to escape these tags from htmlentities function??? i hope you have understand what i am… Re: how to escape some html tags from htmlentities 12 Years Ago by aaloo I Am using mysql_real_escape_string() before store the text into database and then i am htmlentities function to display the text in browser. can i use strip_tags() function like this [CODE] <?php $post =htmlentities($post); $post=strip_tags($post); echo $post ?>[/CODE] will it improve my security from sql injection ? Re: how to escape some html tags from htmlentities 12 Years Ago by diafol I can't see any advantage in using htmlentities with regard to helping with security wrt SQLinjection. AFAIK, preventing … or is_float. I don't see the advantage of using htmlentities with regard to making SQL input safe. Strip_tags shouldn't… problem with htmlentities 11 Years Ago by rogerg …form-guide.com). I don't think the htmlentities check work and I don't know what's…GetErrorMessage() { if(empty($this->error_message)) { return ''; } $errormsg = nl2br(htmlentities($this->error_message)); return $errormsg; } However, when I try to… problems with htmlentities(noob question) 14 Years Ago by Muazam Hey, htmlentities doesn't work in this code of mine, someone know …; <?php foreach ($_GET as $key => $verdi) { $verdi = htmlentities($verdi); $key = htmlentities($key); } echo "You live in "; echo $_GET… Re: problems with htmlentities(noob question) 14 Years Ago by somedude3488 You are just setting the value to a variable. You should do something like this: [code] foreach( $_GET as $key => $val ) { $_GET[$key] = htmlentities( $val ); } [/code] Re: problems with htmlentities(noob question) 14 Years Ago by Muazam … like this: [code] foreach ($_GET as $key => $val) { $val = htmlentities($val); if ( $key <> "name") [/code] And… Re: Difference between htmlspecialchars() and htmlentities() 8 Years Ago by diafol …that will be encoded by htmlspecialchars ----------------------------------------------------------------- From the manual - htmlentities: >This function is identical to htmlspecialchars() in all ways…, except with htmlentities(), all characters which have HTML character entity equivalents are … textarea probelm with htmlentities 13 Years Ago by MDanz … style='display:none;' id='1'>".str_replace($textsearch,$textreplace,htmlentities($textareatext))."</div>"; echo "<table… URGENT: Encoding variable using htmlentities 12 Years Ago by mosesmn …; xmlns="http://www.pesapal.com" />"; $post_xml = htmlentities($post_xml); If I use single quotes the error dissappears but… Difference between htmlspecialchars() and htmlentities() 8 Years Ago by phoenix254 What are the differences between **htmlspecialchars()**and **htmlentities()**. When should I use one or the other?Explain me in poor words Re: htmlentities() expects parameter 1 to be string 10 Years Ago by pritaeas After: $fothers = mysql_query($fothersq); There should be: $row = mysql_fetch_array($fothers); and then use `$row` instead of `$fothers` Re: htmlentities() expects parameter 1 to be string 10 Years Ago by nadiam oh.. right. hehe thank you so much! you've been helping me alot thanks :) Re: htmlentities ruining some characters 13 Years Ago by dos_killer strip_tags method in php [URL="http://php.net/manual/en/function.strip-tags.php"]http://php.net/manual/en/function.strip-tags.php[/URL] Re: htmlentities ruining some characters 13 Years Ago by dos_killer although you need to be a bit more precise as to what yer preventing...just html? or javascript/xss or some other form of malicious code ?