Edit report at https://bugs.php.net/bug.php?id=55174&edit=1

 ID:                 55174
 Comment by:         new dot false dot email at gmail dot com
 Reported by:        development at dayside dot net
 Summary:            htmlspecialchars buggy
 Status:             Not a bug
 Type:               Bug
 Package:            *General Issues
 Operating System:   winxp sp3
 PHP Version:        5.4.0alpha1
 Block user comment: N
 Private report:     N

 New Comment:

try this, it worked for me:

htmlspecialchars('Test123 äöüß', ENT_QUOTES | ENT_HTML401, '');
this is the important part --------------------------------^


Previous Comments:
------------------------------------------------------------------------
[2011-07-12 03:16:06] ras...@php.net

That's the only safe approach. If you don't know the encoding of the 
characters, you can't possibly know that they are safe to output since they 
aren't valid in your current encoding. Trying to clean up a string full of 
invalid characters is dangerous. The only safe approach is to not allow them.

As for not being allowed to change your php.ini, that's fine, that's why the 
htmlspecialchars() call takes an optional encoding argument.

------------------------------------------------------------------------
[2011-07-12 01:26:51] development at dayside dot net

Correct me if I'm wrong, but this function returns nothin' in case of 'Test123'
and that's okay? 
...and not everyone is allowed to change that php.ini setting

In some cases as a user you don't know which encoding is used... 
in such a case htmlspecialchars discards all data... that's a fantastic idea..

------------------------------------------------------------------------
[2011-07-11 12:34:59] ras...@php.net

You can also set your default_charset back to iso-8859-1 in your php.ini file, 
but really these days you should be using utf-8.

------------------------------------------------------------------------
[2011-07-11 10:16:10] cataphr...@php.net

The default encoding as of PHP 5.4 is UTF-8 (it was ISO-8859-1 before). 
Therefore, if your string is in ISO-8859-1, you must specify the encoding.

Closing as bogus.

------------------------------------------------------------------------
[2011-07-11 07:05:33] development at dayside dot net

Description:
------------
when any string contains any char of these -> äöüß 
and the string is processed with htmlspecialchars it results in an empty 
string...

Test script:
---------------
<?php 

echo htmlspecialchars('Test123 äöüß');

?>

Actual result:
--------------
nothin...


------------------------------------------------------------------------
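
The behaviour discussed in this thread, as an added example (not code from the report or from PHP itself): the same bytes escaped with the wrong and the right declared encoding, followed by a wrapper that rejects malformed input instead of silently returning an empty string. `escape_html()` is a hypothetical helper; the example assumes PHP 7+ with the mbstring extension loaded.

```php
<?php
// Constructed sample: "Test123 äöüß" as ISO-8859-1 bytes, spelled with hex
// escapes so the result does not depend on how this file is saved.
$latin1 = "Test123 \xE4\xF6\xFC\xDF";
$flags  = ENT_QUOTES | ENT_HTML401;

// Treated as UTF-8 the bytes are malformed, so the whole result is the
// empty string: the behaviour reported in this bug.
var_dump(htmlspecialchars($latin1, $flags, 'UTF-8'));

// With the real encoding declared, the call escapes and returns the text.
var_dump(bin2hex(htmlspecialchars($latin1, $flags, 'ISO-8859-1')));

// ENT_SUBSTITUTE (PHP 5.4+) swaps malformed sequences for U+FFFD instead of
// discarding the string; the output is valid UTF-8 but the letters are lost.
var_dump(htmlspecialchars($latin1, $flags | ENT_SUBSTITUTE, 'UTF-8'));

// Hypothetical helper: validate against the declared charset, convert once
// to UTF-8, escape as UTF-8. Malformed input fails loudly, not silently.
function escape_html(string $bytes, string $charset = 'UTF-8'): string
{
    if (!mb_check_encoding($bytes, $charset)) {
        throw new InvalidArgumentException("input is not valid $charset");
    }
    $utf8 = mb_convert_encoding($bytes, 'UTF-8', $charset);
    return htmlspecialchars($utf8, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Declared correctly: converted to UTF-8, then escaped.
var_dump(escape_html("<b>" . $latin1 . "</b>", 'ISO-8859-1'));

// Declared wrongly (default UTF-8): rejected before any output is built.
try {
    escape_html($latin1);
} catch (InvalidArgumentException $e) {
    var_dump($e->getMessage());
}
```

Single-byte charsets such as ISO-8859-1 accept every byte value, so the validation step only catches mismatches when the declared charset is a multibyte one like UTF-8.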


