On Thu, July 12, 2007 6:08 pm, Dan wrote:
string htmlentities ( string $string [, int $quote_style [, string
$charset
[, bool $double_encode]]] )
This function is identical to htmlspecialchars() in all ways, except
with
htmlentities(), all characters which have HTML character entity
Best way to learn, and remember, things like this is to make a simple test page
and see for yourself.
Don Don wrote:
Hi all,
Am kind of confused between htmlspecialchars and htmlentities. I've got data i need to
display data on a page containing e.g. quot; but will like it to be displayed
string htmlentities ( string $string [, int $quote_style [, string $charset
[, bool $double_encode]]] )
This function is identical to htmlspecialchars() in all ways, except with
htmlentities(), all characters which have HTML character entity equivalents
are translated into these entities.
Something like this (you might like to check the syntax, I'm working from
memory here) might work:
header('Content-Disposition: attachment; filename=somefile.html');
Thanks, I'll have to try that.
As for security, looks like I will need to watch out for the extensions.
Turns out that the
Well, unless you have set your server up to execute PHP or CGI scripts in
.html files, which is a very bad idea, the only thing you need to worry
about is client-side scripting. You could just filter out all
script/script tags if client-side scripting isn't important for your
On 7/16/05, Lauri Harpf [EMAIL PROTECTED] wrote:
Well, unless you have set your server up to execute PHP or CGI scripts in
.html files, which is a very bad idea, the only thing you need to worry
about is client-side scripting. You could just filter out all
script/script tags if client-side
Dotan Cohen wrote:
On 7/16/05, Lauri Harpf [EMAIL PROTECTED] wrote:
I've been thinking of limiting this problem by preventing the direct
displaying of the code (ie. only allowing Save As.. for the link to the
user-submitted HTML). I guess a bit of JS could prevent accidental
left-clicking on
Lauri Harpf wrote:
Now, if I make a point of not chmod 755ing the .html files in
question, the server should be safe from someone feeding a html file
with an embedded PHP script, right? Is there something else I should
be looking out for - or is there an even better way of handling the
It depends on how you have magic quotes set up in your php.ini file. Mine
are set up as follows:
magic_quotes_gpc On On
magic_quotes_runtime Off Off
which I believe is the default, because I certainly never changed them.
I have never had a problem simply inserting or selecting html without the
9 matches
Mail list logo
