[PHP] htmlentities
Is there a way to only change accented characters and not HTML (Example: p /p a href =”” /a ) The syntax echo htmlentities( stripslashes(mysql_result($whats_new_result,0,message)) ) . \r\n; is doing everything (as I expect). I store breaking news within the database as HTML formatted text. I am trying to see if a work around is available? Do I need to do a variety of search / replace to convert the noted characters above back after htmlentities ? (I am just starting to get use to accented letters.) Thanks a lot for your help. Ron The Verse of the Day “Encouragement from God’s Word” http://www.TheVerseOfTheDay.info
Re: [PHP] htmlentities
You could store the accented characters in your DB if you set everything to UTF-8, including calling the SET NAMES utf8 MySQL command after connecting. I find this much easier than encoding/decoding. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities is incomplete: does not cover rsquo etc
Heddon's Gate Hotel wrote: Thanks Jan, it's much clearer now. My knowledge about character encodings has multiplied 100-fold in the last 24 hours' research. Would it be a good idea for the PHP Manual to address some of these issues, by explaining good practice in encoding arbitrary user input in forms (for example), for the benefit of those, like me, for whom character sets are a bit of a black art? Also I still cannot persuade get_html_translation_table to list those non-Latin1 entities. This is not an important issue, since it appears to be only an information function, but it would be nice if it were consistent with htmlentities and html_entity_decode. This probably one of the reasons some of us think that getting a stable PHP6 based on unicode out of the door would probably be a lot more use to people than PHP5.3 ;) Eliminate character sets and the black art goes away? -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities is incomplete: does not cover rsquo etc
On Sat, Mar 14, 2009 at 12:18 AM, Lester Caine les...@lsces.co.uk wrote: This probably one of the reasons some of us think that getting a stable PHP6 based on unicode out of the door would probably be a lot more use to people than PHP5.3 ;) +1 I cannot wait for full unicode. mbstring, iconv, all this wacky stuff, no thanks. having to feed 'utf-8' to functions all over too... everything should be UTF-8 now, period. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities is incomplete: does not cover rsquo etc
2009/3/13 Heddon's Gate Hotel ho...@heddonsgate.co.uk: The string function htmlentities seems to have very incomplete coverage of the HTML entities listed in the HTML 4 spec. For example, it does not know about rsquo, lsquo, rdquo, ldquo, etc. This is confirmed by looking at the output of get_html_translation_table, which does not list these entities. My impression is that it covers those HTML entities that are in ISO-8859-1, but not the others. Is this deliberate? If so, the Manual is misleading because it suggests that all HTML entities are covered. Otherwise, is this a bug? Well, If you specify the input charset you'll have no problem at all. ;) ?= htmlentities('string with UTF-8: ±ªÐº×Nµ»n“¢µ€jæ', ENT_QUOTES, 'UTF-8'); ? Latin1 AKA ISO-8859-1 doesn't have ldquo nor bdquo nor ndash and alike. Regards, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities is incomplete: does not cover rsquo etc
Thanks Jan, it's much clearer now. My knowledge about character encodings has multiplied 100-fold in the last 24 hours' research. Would it be a good idea for the PHP Manual to address some of these issues, by explaining good practice in encoding arbitrary user input in forms (for example), for the benefit of those, like me, for whom character sets are a bit of a black art? Also I still cannot persuade get_html_translation_table to list those non-Latin1 entities. This is not an important issue, since it appears to be only an information function, but it would be nice if it were consistent with htmlentities and html_entity_decode. Eddie From Jan G.B. 13/03/2009 17:27: 2009/3/13 Heddon's Gate Hotel ho...@heddonsgate.co.uk: The string function htmlentities seems to have very incomplete coverage of the HTML entities listed in the HTML 4 spec. For example, it does not know about rsquo, lsquo, rdquo, ldquo, etc. This is confirmed by looking at the output of get_html_translation_table, which does not list these entities. My impression is that it covers those HTML entities that are in ISO-8859-1, but not the others. Is this deliberate? If so, the Manual is misleading because it suggests that all HTML entities are covered. Otherwise, is this a bug? Well, If you specify the input charset you'll have no problem at all. ;) ?= htmlentities('string with UTF-8: ±ªÐº×Nµ»n“¢µ€jæ', ENT_QUOTES, 'UTF-8'); ? Latin1 AKA ISO-8859-1 doesn't have ldquo nor bdquo nor ndash and alike. Regards, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities is incomplete: does not cover rsquo etc
The string function htmlentities seems to have very incomplete coverage of the HTML entities listed in the HTML 4 spec. For example, it does not know about rsquo, lsquo, rdquo, ldquo, etc. This is confirmed by looking at the output of get_html_translation_table, which does not list these entities. My impression is that it covers those HTML entities that are in ISO-8859-1, but not the others. Is this deliberate? If so, the Manual is misleading because it suggests that all HTML entities are covered. Otherwise, is this a bug? Eddie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTMLEntities as NUMERIC for XML
After reading this: http://validator.w3.org/feed/docs/error/UndefinedNamedEntity.html (all praise W3.org!) I am searching for a PHP library function that will convert all my abc; into #123; I have a zillion of these things from converting stupid MS Word characters into something that will, like, you know, actually WORK on the Internet, and do not really want to re-invent the wheel here. Somebody has to have written this function... I'm kind of surprised it's not http://php.net/xmlentities or somesuch... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTMLEntities as NUMERIC for XML
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2008 11:28 AM To: php-general@lists.php.net Subject: Re: [PHP] HTMLEntities as NUMERIC for XML I came across a similar problem using an AJAX thing, with MSWord characters in the text. The way round the problem was to enclose everything inside CDATA blocks, which made the browsers happy to receive as the entities only had to be understood by the HTML browser now, not the XML parser. As RSS is an XML format, maybe this would help you? I suspect not. The RSS+XML standard[1] seems to be quite finicky, and wrapping in CDATA block, from what I've read, will simply make some readers/aggregators decide to not carry the RSS feed at all. I have no idea if some means a handful or most however. But trying to maximize audience, I'm being conservative and using KISS principle until I know more. [1] Actually, it's 9 different incompatible standards, with no two published RSS standards being compatible: http://diveintomark.org/archives/2004/02/04/incompatible-rss I personally found this blog post brilliant YMMV You are correct. Some feed readers will just throw everything in a ![CDATA[]] block away. It can be useful when you are the only one reading/manipulating the XML ... but getting it into a universal code page is the way to go if aggregators are going to be touching your content. My 2c, // Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTMLEntities as NUMERIC for XML
I came across a similar problem using an AJAX thing, with MSWord characters in the text. The way round the problem was to enclose everything inside CDATA blocks, which made the browsers happy to receive as the entities only had to be understood by the HTML browser now, not the XML parser. As RSS is an XML format, maybe this would help you? I suspect not. The RSS+XML standard[1] seems to be quite finicky, and wrapping in CDATA block, from what I've read, will simply make some readers/aggregators decide to not carry the RSS feed at all. I have no idea if some means a handful or most however. But trying to maximize audience, I'm being conservative and using KISS principle until I know more. [1] Actually, it's 9 different incompatible standards, with no two published RSS standards being compatible: http://diveintomark.org/archives/2004/02/04/incompatible-rss I personally found this blog post brilliant YMMV -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities() and default_charset
Folks, Why should htmlentities() use the default_charset for $charset with this example, taken from ext/standard/tests/strings/htmlentities10.phpt? ?php ini_set('mbstring.internal_encoding','pass'); ini_set('default_charset','cp1252'); var_dump(htmlentities(\x82\x86\x99\x9f, ENT_QUOTES, '')); ? The test script expects the output to be: string(28) sbquo;dagger;trade;Yuml; According to the PHP Manual, the htmlentities() syntax is: string htmlentities ( string $string [, int $quote_style [, string $charset [, bool $double_encode ]]] ) For the parameter charset: Like htmlspecialchars(), it takes an optional third argument charset which defines character set used in conversion. Presently, the ISO-8859-1 character set is used as the default. It goes on to list the supported values for charset and states: Note: Any other character sets are not recognized and ISO-8859-1 will be used instead. Therefore, when $charset = '' I would expect that htmlentities(\x82\x86\x99\x9f, ENT_QUOTES, '') would use ISO-8859-1 since the null string is not listed as a supported value. Also, it does not mention the use of default_charset. Furthermore, when default_charset = '', PHP states that ISO-8859-1 will be used as the default. Since the $charset is optional, I would expect htmlentities(\x82\x86\x99\x9f, ENT_QUOTES) would use the default_charset, but not htmlentities(\x82\x86\x99\x9f, ENT_QUOTES, ''). However, test scripts ext/standard/tests/strings/htmlentities10.phpt, htmlentities11.phpt, and htmlentities13.phpt all expect the default_charset to be used when charset=''. Thanks. Jim - Jim Hermann [EMAIL PROTECTED] UUism Networks http://www.UUism.net Ministering to the Needs of Online UUs Web Hosting, Email Services, Mailing Lists - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() does not remove escape
On Sun, January 27, 2008 12:27 pm, jekillen wrote: Hello: I have a form that has a textarea and I do not want to disallow the use of single quote as apostrophe, or for any other normal stylization. So I am using html entities to change these characters into html entities. But the function does not remove the escapes added by the browser when sending the input. Is there a special function in php for removing the \ escapes as well? My plan b would be to look for a similar function in javascript and convert to html entities before the input is sent to the server. I want to screen for damaging code but do not want to prevent legitimate use of punctuation. If the input in the text field is then displayed as html (which it will be) I do not want things like 'It\'s a nice day' showing up in the html. If you are using htmlentities (et al) correctly, you should not get an extra \ in the browser, not even in the textarea, and most especially not coming back into your input $_POST data. Check that you don't have Magic Quotes on as well as using mysql_real_escape_string. Also check that you aren't doing htmlentities/htmlspecialchars twice. Somewhere, somehow, you're probably adding an EXTRA \ in your code. If you have to use stripslashes() you've done something wrong in the first place... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities() does not remove escape
Hello: I have a form that has a textarea and I do not want to disallow the use of single quote as apostrophe, or for any other normal stylization. So I am using html entities to change these characters into html entities. But the function does not remove the escapes added by the browser when sending the input. Is there a special function in php for removing the \ escapes as well? My plan b would be to look for a similar function in javascript and convert to html entities before the input is sent to the server. I want to screen for damaging code but do not want to prevent legitimate use of punctuation. If the input in the text field is then displayed as html (which it will be) I do not want things like 'It\'s a nice day' showing up in the html. Thanks in advance; Jeff k -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() does not remove escape
On Jan 27, 2008 1:27 PM, jekillen [EMAIL PROTECTED] wrote: Hello: I have a form that has a textarea and I do not want to disallow the use of single quote as apostrophe, or for any other normal stylization. So I am using html entities to change these characters into html entities. But the function does not remove the escapes added by the browser when sending the input. Is there a special function in php for removing the \ escapes as well? stripslashes() -nathan
Re: [PHP] htmlentities() does not remove escape
On Sun, 2008-01-27 at 10:27 -0800, jekillen wrote: Hello: I have a form that has a textarea and I do not want to disallow the use of single quote as apostrophe, or for any other normal stylization. So I am using html entities to change these characters into html entities. But the function does not remove the escapes added by the browser when sending the input. Is there a special function in php for removing the \ escapes as well? My plan b would be to look for a similar function in javascript and convert to html entities before the input is sent to the server. I want to screen for damaging code but do not want to prevent legitimate use of punctuation. If the input in the text field is then displayed as html (which it will be) I do not want things like 'It\'s a nice day' showing up in the html. Browser doesn't escape those quotes. You're PHP configuration has magic quotes enabled. See strip_slashes() if you must strip them. The preferable solution is to get rid of the magic quotes dependency but that's a longer topic and there's plenty on the net for you to read. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() does not remove escape
On Jan 27, 2008, at 10:37 AM, Nathan Nobbe wrote: On Jan 27, 2008 1:27 PM, jekillen [EMAIL PROTECTED] wrote: I have a form that has a textarea and I do not want to disallow the use of single quote as apostrophe, or for any other normal stylization. So I am using html entities to change these characters into html entities. But the function does not remove the escapes added by the browser when sending the input. Is there a special function in php for removing the \ escapes as well? stripslashes() -nathan Thanks, of course. Sometimes the brain just does not kick over the way it should. Jeff K -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities()
I tried to understand htmlentities by putting this code into a test.php: ?php if(!$page) { ? H3Test of evil input/H3 form method=post action=?php echo $PHP_SELF? INPUT type=text name=field1 size=100 maxlength=100 INPUT type=hidden name=page value=1 INPUT type=submit name=submit value=Check it! /form ?php } else { echo field1=$field1br; $field2=htmlentities($field1,ENT_QUOTES,UTF-8); echo field2=$field2p; echo htmlentities($field1,ENT_QUOTES,UTF-8); echo p; $str = A 'quote' is bbold/b; // Outputs: A 'quote' is lt;bgt;boldlt;/bgt; echo htmlentities($str); echo br; // Outputs: A #039;quote#039; is lt;bgt;boldlt;/bgt; echo htmlentities($str, ENT_QUOTES); } ? The output on the screen is: field1=*Greater input and lower input* field2=bGreater input and lower input/b bGreater input and lower input/b A 'quote' is bbold/b A 'quote' is bbold/b I expected that it would give me in the second line: field2=lt;bgt;Greater input and lower inputlt;/bgt; and the lower two lines I expected as: A 'quote' is lt;bgt;boldlt;/bgt; A #039;quote#039; is lt;bgt;boldlt;/bgt; What do I miss understand here? bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
Hi, I tried to understand htmlentities by putting this code into a test.php: [...] The output on the screen is: field1=*Greater input and lower input* field2=bGreater input and lower input/b bGreater input and lower input/b A 'quote' is bbold/b A 'quote' is bbold/b I expected that it would give me in the second line: field2=lt;bgt;Greater input and lower inputlt;/bgt; and the lower two lines I expected as: A 'quote' is lt;bgt;boldlt;/bgt; A #039;quote#039; is lt;bgt;boldlt;/bgt; What do I miss understand here did you try to 'view-source' the page ? -- Ludovic André -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
It is doing that ;) If you look at the source, you will see the expected output. On Nov 17, 2007, at 4:41 AM, Ronald Wiplinger [EMAIL PROTECTED] wrote: I tried to understand htmlentities by putting this code into a test.php: ?php if(!$page) { ? H3Test of evil input/H3 form method=post action=?php echo $PHP_SELF? INPUT type=text name=field1 size=100 maxlength=100 INPUT type=hidden name=page value=1 INPUT type=submit name=submit value=Check it! /form ?php } else { echo field1=$field1br; $field2=htmlentities($field1,ENT_QUOTES,UTF-8); echo field2=$field2p; echo htmlentities($field1,ENT_QUOTES,UTF-8); echo p; $str = A 'quote' is bbold/b; // Outputs: A 'quote' is lt;bgt;boldlt;/bgt; echo htmlentities($str); echo br; // Outputs: A #039;quote#039; is lt;bgt;boldlt;/bgt; echo htmlentities($str, ENT_QUOTES); } ? The output on the screen is: field1=*Greater input and lower input* field2=bGreater input and lower input/b bGreater input and lower input/b A 'quote' is bbold/b A 'quote' is bbold/b I expected that it would give me in the second line: field2=lt;bgt;Greater input and lower inputlt;/bgt; and the lower two lines I expected as: A 'quote' is lt;bgt;boldlt;/bgt; A #039;quote#039; is lt;bgt;boldlt;/bgt; What do I miss understand here? bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
Ronald Wiplinger wrote: I tried to understand htmlentities by putting this code into a test.php: ?php if(!$page) { ? H3Test of evil input/H3 form method=post action=?php echo $PHP_SELF? INPUT type=text name=field1 size=100 maxlength=100 INPUT type=hidden name=page value=1 INPUT type=submit name=submit value=Check it! /form ?php } else { echo field1=$field1br; $field2=htmlentities($field1,ENT_QUOTES,UTF-8); echo field2=$field2p; you are echo'ing the same field1 variable as before. by your comments at the bottom of what you expected the output to be, I think you are wanting to use the $field2 variable instead. echo htmlentities($field1,ENT_QUOTES,UTF-8); echo p; $str = A 'quote' is bbold/b; // Outputs: A 'quote' is lt;bgt;boldlt;/bgt; echo htmlentities($str); echo br; // Outputs: A #039;quote#039; is lt;bgt;boldlt;/bgt; echo htmlentities($str, ENT_QUOTES); } ? The output on the screen is: field1=*Greater input and lower input* field2=bGreater input and lower input/b bGreater input and lower input/b A 'quote' is bbold/b A 'quote' is bbold/b I expected that it would give me in the second line: field2=lt;bgt;Greater input and lower inputlt;/bgt; and the lower two lines I expected as: A 'quote' is lt;bgt;boldlt;/bgt; A #039;quote#039; is lt;bgt;boldlt;/bgt; are you viewing this in the html source or in the browser window? What do I miss understand here? bye Ronald -- Jim Lucas Perseverance is not a long race; it is many short races one after the other Walter Elliot Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Htmlentities vs htmlspecialchars
Hi all. I know htmlspecialchars converts the smallest set of entities possible to generate valid HTML, and that htmlentities goes much further, so what is the difference? Is it not better to use htmlentities in every case, making htmlspecialchars somewhat redundant, or is there a performance tradeoff? -- http://www.web-buddha.co.uk http://www.projectkarma.co.uk
Re: [PHP] Htmlentities vs htmlspecialchars
Dave Goodchild wrote: Hi all. I know htmlspecialchars converts the smallest set of entities possible to generate valid HTML, and that htmlentities goes much further, so what is the difference? Is it not better to use htmlentities in every case, making htmlspecialchars somewhat redundant, or is there a performance tradeoff? 1 kind of performance: 'htmlentities' is less chars to type. another kind of performance: 'htmlspecialchars' converts a *smaller* set of entities; this assumes that the size of the set has a measurable impact on the time takento do a conversion - I doubt that given the actual sizes of the respective entity conversion tables that this is the case. okay so that's guess work ;-) personally I always use htmlentities() and be done with it, I had the same 'redundant' feeling some time back. I wonder if anyone can given a solid answer to this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities vs htmlspecialchars
On Wed, 26 Jul 2006 14:59:46 +0200, Jochem Maas wrote: I wonder if anyone can given a solid answer to this? If I remember correctly, htmlspecialchars does what its name indicate: konvert any character with special meaning according to the HTML specification. htmlentities converts any character to its HTML representation. One caveat of using htmlentities is that it is really hard to read for a human being, but as long as the output is only used inside a browser there is no problem. Nowadays I do a lot of XML stuff which only leaves one option: htmlentities. Another thing: PHP is designed to be used on the web in browser so htmlspecialchars, in my opinion, is redundant. -- Hilsen/Regards Michael Rasmussen http://keyserver.veridis.com:11371/pks/lookup?op=getsearch=0xE3E80917 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() with utf8
On 5/4/06, Marten Lehmann [EMAIL PROTECTED] wrote: Hello, I want to use htmlentities() with UTF-8, which I can set with the third parameter. But to use the third parameter, I have to provide the second parameter. Currently the default for the second parameter is ENT_COMPAT. But as this might change, I don't want to call htmlentities with htmlentities($text, ENT_COMPAT, UTF-8); all the time. Is there another way? Regards Marten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You could create a function that could handle various output/escaping functions. This way you minimize any changes to the output mechanism you use throughout your old site. function formatText($text=NULL) { if (is_null($text) ) return $text; $text = htmlentities($text, ENT_COMPAT, UTF-8); // you could even do other stuff if you wanted like $text = nl2br($text); return $text; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities() with utf8
Hello, I want to use htmlentities() with UTF-8, which I can set with the third parameter. But to use the third parameter, I have to provide the second parameter. Currently the default for the second parameter is ENT_COMPAT. But as this might change, I don't want to call htmlentities with htmlentities($text, ENT_COMPAT, UTF-8); all the time. Is there another way? Regards Marten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() with utf8
On Thu, May 4, 2006 11:02 am, Marten Lehmann wrote: I want to use htmlentities() with UTF-8, which I can set with the third parameter. But to use the third parameter, I have to provide the second parameter. Currently the default for the second parameter is ENT_COMPAT. But as this might change, I don't want to call htmlentities with htmlentities($text, ENT_COMPAT, UTF-8); all the time. Is there another way? If you're just trying to type less: You could try using NULL and see if that kicks in the default... But that would be an undocmented feature which carries its own risks. If you are concerned about backwards/forwards compatibility changes: How about in some 'globals.inc' file you could do: define('DEFAULT_QUOTE_STYLE', ENT_COMPAT); Then you can use DEFAULT_QUOTE_STYLE everywhere, and if it changes, or you want to change it, you only need to change it in one place. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() with utf8
Marten Lehmann wrote: Hello, I want to use htmlentities() with UTF-8, which I can set with the third parameter. But to use the third parameter, I have to provide the second parameter. Currently the default for the second parameter is ENT_COMPAT. But as this might change, I don't want to call htmlentities with htmlentities($text, ENT_COMPAT, UTF-8); all the time. Is there another way? Nope. You have to provide the 2nd parameter because the function needs it. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities()
Copied and pasted the following sample script from the php manual and this outputs: ... ?php $str = A 'quote' is bbold/b; echo htmlentities($str); ? .. // outputs: A 'quote' is bbold/b Not sure why the I am still getting the tags and spaces after the call to htmlentities(). Thank you for any help. TR -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
--- Anthony Ritter [EMAIL PROTECTED] wrote: Copied and pasted the following sample script from the php manual and this outputs: ... ?php $str = A 'quote' is bbold/b; echo htmlentities($str); ? .. // outputs: A 'quote' is bbold/b Not sure why the I am still getting the tags and spaces after the call to htmlentities(). View source, and I think you'll understand. Or, remove the call to htmlentities(). Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
Copied and pasted the following sample script from the php manual and this outputs: ... ?php $str = A 'quote' is bbold/b; echo htmlentities($str); ? .. // outputs: A 'quote' is bbold/b Not sure why the I am still getting the tags and spaces after the call to htmlentities(). Thank you for any help. TR Are you looking at the html source?? I get A 'quote' is bbold/b when I load the page *BUT* viewing the source gives me this: A 'quote' is lt;bgt;boldlt;/bgt; ;-) Jim Grill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
Copied and pasted the following sample script from the php manual and this outputs: ... ?php $str = A 'quote' is bbold/b; echo htmlentities($str); ? .. // outputs: A 'quote' is bbold/b Not sure why the I am still getting the tags and spaces after the call to htmlentities(). Thank you for any help. TR Sorry to spam you, but If you are wanting to remove html altogether take a look at strip_tags() http://us4.php.net/manual/en/function.strip-tags.php Jim Grill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities()
Chris Shiflett wrote: View source, and I think you'll understand. Or, remove the call to htmlentities(). Chris .. Thank you all for your assistance. Best... TR ... ...when a browser sees lt, it prints out a character instead of thinking OK here comes an HTML tag. This is the same idea (but with a differnt syntax) as escaping a or $ charcater inside a double quoted string... ~[from Learning PHP5 [O'Reilly] page 102] ?php $str = I blove/b sweet tea and div class=\fancy\rice./div tea\n; echo $str; echo br; echo htmlentities($str); ? // Output in view source code: I blove/b sweet tea and div class=fancyrice./div tea brI lt;bgt;lovelt;/bgt; sweet tea and lt;div class=quot;fancyquot;gt;rice.lt;/divgt; amp; tea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities and foreign characters from MS Word
I'm having a problem figuring out how to deal with foreign characters in text that was copied from an MS Word document and pasted into a form field. I'm not how sure this is getting stored in the MySQL database, but, when I run htmlentities() on this text, each foreign character is converted into 2 other foreign characters that don't at all represent the original. For example, a lowercase u with an umlat over it (ü) is somehow displayed as an uppercase A with an umlat over it followed by the 1/4 symbol after parsed by htmlentities(). A lowercase o with an ulmat displays as an uppercase A with an umlat over it followed by the paragraph symbol. It seems that the uppercase A w/umlat is a constant, and the next character changes. The ord() function returns the same number for all of these foreign characters: 195. So, I'm not sure what's happening with these foreign characters, and if there's any way to convert them to proper htmlentities before being displayed in a browser. I thought htmlentities would do this, actually. Thanks! Monty. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities, links, javascript
hi all, i have a script that calls a popup like this: a href=/popup.php?name=Choicesamp;product_id=15 target=_blank onclick=openWindow(this.href,600,200,'yes'); return false;Choices/a the amp; is there to make sure the page validates. the problem is that some browsers seem to be incorrectly translating this to: [REQUEST_URI] = /popup.php?name=Choicesamp;product_id=15 instead of: [REQUEST_URI] = /popup.php?name=Choicesproduct_id=15 a couple of browsers that have choked on this: [HTTP_USER_AGENT] = Mozilla/4.0 (compatible; MSIE 4.0; Windows 95) [HTTP_USER_AGENT] = Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/103u (KHTML, like Gecko) Safari/100 i have safari 1.2.1 installed on one of my development machines, and have had no trouble with the bad REQUEST_URIs. does anyone have some insight into the problem? i've posted a demonstration here: http://hartshorne.ca/sandbox.php you'll have to view the source of the popup to see if the was translated properly. thanks, beau -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities -- can it skip tags
Hi all, I need to convert some text from a database for presentation on screen... as per usual, characters like quotes and ampersands () are giving me grief. the obvious answer is to apply htmlspecialchars(), BUT this also converts all and into lt; and gt; signs, which destroys the html mark-up within the text. Is there a non-tag equivalent of htmlspecialchars(), or do I need to build one? TIA Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities -- can it skip tags
Justin French wrote: Hi all, I need to convert some text from a database for presentation on screen... as per usual, characters like quotes and ampersands () are giving me grief. the obvious answer is to apply htmlspecialchars(), BUT this also converts all and into lt; and gt; signs, which destroys the html mark-up within the text. Is there a non-tag equivalent of htmlspecialchars(), or do I need to build one? You'll have to build one. If you know what characters are causing trouble, you could just use str_replace on them. Or you could use htmlspecialchars() and then run str_replace to convert lt; and gt; back into brackets. You could also use get_html_translation_table() to get the conversions, remove the and conversion elements of the array and then use strtr() to do the conversion. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities -- can it skip tags
On Monday, September 15, 2003, at 12:58 PM, John W. Holmes wrote: Justin French wrote: Hi all, I need to convert some text from a database for presentation on screen... as per usual, characters like quotes and ampersands () are giving me grief. the obvious answer is to apply htmlspecialchars(), BUT this also converts all and into lt; and gt; signs, which destroys the html mark-up within the text. Is there a non-tag equivalent of htmlspecialchars(), or do I need to build one? You'll have to build one. If you know what characters are causing trouble, you could just use str_replace on them. Or you could use htmlspecialchars() and then run str_replace to convert lt; and gt; back into brackets. Which is what I just did as a 'patch' :) You could also use get_html_translation_table() to get the conversions, remove the and conversion elements of the array and then use strtr() to do the conversion. I like that idea a LOT. Thanks John! Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities -- can it skip tags
On Monday, September 15, 2003, at 12:58 PM, John W. Holmes wrote: Justin French wrote: Hi all, I need to convert some text from a database for presentation on screen... as per usual, characters like quotes and ampersands () are giving me grief. the obvious answer is to apply htmlspecialchars(), BUT this also converts all and into lt; and gt; signs, which destroys the html mark-up within the text. Is there a non-tag equivalent of htmlspecialchars(), or do I need to build one? You'll have to build one. If you know what characters are causing trouble, you could just use str_replace on them. Or you could use htmlspecialchars() and then run str_replace to convert lt; and gt; back into brackets. Which is what I just did as a 'patch' :) You could also use get_html_translation_table() to get the conversions, remove the and conversion elements of the array and then use strtr() to do the conversion. I like that idea a LOT. Thanks John! Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities() and the macintosh character set
Hello- I have a request but don't know where to send it. Thus, it ends up here. Alternately, I'm looking for some solutions: The request: Can the macintosh character set be added as an option for htmlentities() and other commands? That would be so helpful for our mac-based company. The problem: I'm fairly new to php and have found that the macintosh character set is pretty different from other standard sets, so when someone in our company enters an em-dash (an extended dash, that would be represented as emdash; in html) into our SQL database, browsers display it as Ñ (Ntilde;) because that's the correct mapping in other, standard sets. Of course, I could do a replace on that character, but there are another 6 characters that I know of that will cause problems, and probably more beyond that. The quick and good way is to convert with htmlentities(), but the mac charset is lacking. Any suggestions how to fix this? Thanks, Michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities() and the macintosh character set
On Sat, Sep 13, 2003 at 11:24:56AM -0700, Michael Winston wrote: : : The request: Can the macintosh character set be added as an option for : htmlentities() and other commands? That would be so helpful for our : mac-based company. : : The problem: I'm fairly new to php and have found that the macintosh : character set is pretty different from other standard sets, so when : someone in our company enters an em-dash (an extended dash, that would : be represented as emdash; in html) into our SQL database, browsers : display it as Ñ (Ntilde;) because that's the correct mapping in other, : standard sets. Of course, I could do a replace on that character, but : there are another 6 characters that I know of that will cause problems, : and probably more beyond that. The quick and good way is to convert : with htmlentities(), but the mac charset is lacking. : : Any suggestions how to fix this? You could modify the HTML translation table and add Mac specific characters to the mix. ?php $trans = get_html_translation_table(HTML_ENTITIES); $trans[chr(213)] = 'apostrophe;'; $trans[chr(165)] = 'bullet;'; $trans[chr(208)] = 'endash;'; $trans[chr(209)] = 'emdash;'; $macstring = 'A string containing some Mac-specific characters'; $encoded = strtr($macstring, $trans); echo $encoded; ? I wonder if anyone has already done the work for the other entites. Anyways, if not, you can always build your own from Apple's list: http://developer.apple.com/documentation/mac/Text/Text-516.html#MARKER-9-3 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities()
I seem to be having trouble with htmlentities(). Maybe someone has a clue I can borrow. Here's my function: function FitForHTML($string) { $asciitable = get_html_translation_table(HTML_ENTITIES); $string = htmlentities($string, ENT_COMPAT); $string = str_replace($asciitable[chr(255)], yuml;, $string); return $string; } When calling this function with the following data: é[a club]+ I get: é#9827;+ (I didn't send this as Unicode. The #9827 was originally a club character.) Maybe I'm not looking in the correct area, but when I do a search in Google Groups, I get one message (well, two: one in English and one in German or some language that uses a lot of z's and c's), but that doesn't solve the problem.
[PHP] Htmlentities and Newlines?
Perhaps I don't understand the use of 'htmlentities' too well, but I would like newlines to be retained/inserted into a db, and then if displayed, to produce a new line from a textarea. However, I want the possibility of dangerous html excluded (hence the use of 'htmlentities'). Is there some way of excluding '\n \r ' and other newline indicators from 'htmlentities()'? Perhaps a combination of preg_match and something else? I'm a bit brained-fried struggling with other errant parts of this code since 6 am. Any ideas how I could proceed? The code far: ?php . . . /* Verification script. Adds sponsor's name, city, prov, country and current date at end of 'request' string */ . . . $request = $_POST['request']; $request = ucfirst($request); $html = htmlentities($request); ^^^ /* $html defuses all newlines . . . sigh */ $title = $_POST['title']; $title = ucfirst($title); $title = htmlentities($title); $date = date('Y-m-d'); $preview = {$_SESSION['title']}brbrbr$htmlbrbrbr{$_SESSION['sfname']} {$_SESSION['ssname']}br{$_SESSION['scity']}, {$_SESSION['rprov']} {$_SESSION['scountry']}br$date;; print h2Preview of Request from {$_SESSION['sfname']}{$_SESSION['ssname']}/h2brbr; . . . ? Any ideas or advice will be most gratefully accepted. Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
Perhaps I don't understand the use of 'htmlentities' too well, but I would like newlines to be retained/inserted into a db, and then if displayed, to produce a new line from a textarea. However, I want the possibility of dangerous html excluded (hence the use of 'htmlentities'). Is there some way of excluding '\n \r ' and other newline indicators from 'htmlentities()'? Perhaps a combination of preg_match and something else? I'm a bit brained-fried struggling with other errant parts of this code since 6 am. Any ideas how I could proceed? What's wrong with echo nl2br(htmlentities($text)); ?? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 03:30 pm, John W. Holmes wrote: Perhaps I don't understand the use of 'htmlentities' too well, but I would like newlines to be retained/inserted into a db, and then if displayed, to produce a new line from a textarea. However, I want the possibility of dangerous html excluded (hence the use of 'htmlentities'). Is there some way of excluding '\n \r ' and other newline indicators from 'htmlentities()'? Perhaps a combination of preg_match and something else? I'm a bit brained-fried struggling with other errant parts of this code since 6 am. Any ideas how I could proceed? What's wrong with echo nl2br(htmlentities($text)); ?? ---John Holmes... Thanks John, Well, as expected, the Preview function admirably displays text, with line breaks, from the textarea. However, once saved in the db (which used to display br's) the db record now displays the same as on screen -- line breaks with no characters indicating linebreaks). Yet, if I call that particular record from the db, and display it on-screen, it's all on one line. So, I'm confused. Any ideas what to do to save it properly in the db so that on display, it renders the same way as in the Preview (pre-db insertion) mode? And now, ucfirst($text); refuses to work! Sigh . . . what a day! Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
OK, I can't quite follow what you are doing. Here's what you should do. You should always save it in the database exactly how the user typed it. Save it with newlines and don't add any HTML code to it. Reason being, when this has to be edited, it'll show up in the textarea the same way the user typed it. No having to explain what the br are or where the extra stuff came from. Then, to show a preview or whatever to the user, use nl2br(htmlentities($text)) to send it to the browser. ---John Holmes... -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 6:25 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 03:30 pm, John W. Holmes wrote: Perhaps I don't understand the use of 'htmlentities' too well, but I would like newlines to be retained/inserted into a db, and then if displayed, to produce a new line from a textarea. However, I want the possibility of dangerous html excluded (hence the use of 'htmlentities'). Is there some way of excluding '\n \r ' and other newline indicators from 'htmlentities()'? Perhaps a combination of preg_match and something else? I'm a bit brained-fried struggling with other errant parts of this code since 6 am. Any ideas how I could proceed? What's wrong with echo nl2br(htmlentities($text)); ?? ---John Holmes... Thanks John, Well, as expected, the Preview function admirably displays text, with line breaks, from the textarea. However, once saved in the db (which used to display br's) the db record now displays the same as on screen -- line breaks with no characters indicating linebreaks). Yet, if I call that particular record from the db, and display it on-screen, it's all on one line. So, I'm confused. Any ideas what to do to save it properly in the db so that on display, it renders the same way as in the Preview (pre-db insertion) mode? And now, ucfirst($text); refuses to work! Sigh . . . what a day! Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
Hi John, Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Oh, this all did sense to me a while ago, but I am tired, and it's beginning to sound like gibberish . Thanks again. Andre On Saturday 28 September 2002 06:44 pm, John W. Holmes wrote: OK, I can't quite follow what you are doing. Here's what you should do. You should always save it in the database exactly how the user typed it. Save it with newlines and don't add any HTML code to it. Reason being, when this has to be edited, it'll show up in the textarea the same way the user typed it. No having to explain what the br are or where the extra stuff came from. Then, to show a preview or whatever to the user, use nl2br(htmlentities($text)) to send it to the browser. ---John Holmes... -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 6:25 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 03:30 pm, John W. Holmes wrote: Perhaps I don't understand the use of 'htmlentities' too well, but I would like newlines to be retained/inserted into a db, and then if displayed, to produce a new line from a textarea. However, I want the possibility of dangerous html excluded (hence the use of 'htmlentities'). Is there some way of excluding '\n \r ' and other newline indicators from 'htmlentities()'? Perhaps a combination of preg_match and something else? I'm a bit brained-fried struggling with other errant parts of this code since 6 am. Any ideas how I could proceed? What's wrong with echo nl2br(htmlentities($text)); ?? ---John Holmes... Thanks John, Well, as expected, the Preview function admirably displays text, with line breaks, from the textarea. However, once saved in the db (which used to display br's) the db record now displays the same as on screen -- line breaks with no characters indicating linebreaks). Yet, if I call that particular record from the db, and display it on-screen, it's all on one line. So, I'm confused. Any ideas what to do to save it properly in the db so that on display, it renders the same way as in the Preview (pre-db insertion) mode? And now, ucfirst($text); refuses to work! Sigh . . . what a day! Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. It doesn't strip it, it just converts some characters to HTML code. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Yes. The key is to display it with htmlentities(). Never display it directly. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Again, you don't have to worry what's in there, as long as you display it correctly. Now, if you know that these entries aren't going to be edited, then you can do the conversion and save that. Unfortunately, there is no reversal to htmlentities. So, you can't run htmlentities on the text and then hope to display it back to the user for editing. A will be lt;, and if you submit that and run html entities again, you'll have amp;lt;. See where the problem is? So, basically, as long as your displaying the text correctly, use the conversions when you display it. If you don't need to edit the text, run the conversion before you put it in your database. Anyone disagree? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
Hi John, Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Oh, this all did sense to me a while ago, but I am tired, and it's beginning to sound like gibberish . Thanks again. Andre Things will be alright, if you follow two rules: 1. before Output, use htmlentities() to make sure, your text isn't confused with HTML (This way noone can insert HTML-Tags into your Text). 2. before saving to database, either use addslashes() or turn on magic_qoutes in php.ini. (This will ensure, that noone drops your database on the fly. e.g. Enters something like '; drop database;' into a textarea.) as i remember magic_qoutes should be turned on by default. Don't do anything else with data that goes to your database, or you'll lose posibility to edit it later on. Regards Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 07:55 pm, John W. Holmes wrote: Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. It doesn't strip it, it just converts some characters to HTML code. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Yes. The key is to display it with htmlentities(). Never display it directly. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Again, you don't have to worry what's in there, as long as you display it correctly. Now, if you know that these entries aren't going to be edited, then you can do the conversion and save that. Unfortunately, there is no reversal to htmlentities. So, you can't run htmlentities on the text and then hope to display it back to the user for editing. A will be lt;, and if you submit that and run html entities again, you'll have amp;lt;. See where the problem is? So, basically, as long as your displaying the text correctly, use the conversions when you display it. If you don't need to edit the text, run the conversion before you put it in your database. Anyone disagree? ---John Holmes... Thanks John, It appears I was doing it 'somewhat' correctly since I haven't run into the one-time-only problem with htmlentities. However, as I am only displaying the text in Preview Mode, when they click 'Back' on their browser, they'll see what they had just typed in. So, if they correct it, and click Preview, it'll be a new process since the old 'Preview was not saved to session, but is a 'new' post (the old Preview was destroyed.) Still, since I'm pulling the saved info from the db, iterating through all rows, and displaying it in table format, I can't get the linebreaks to display. Here's the 'code' that displays the info: ?php /* db access using postgresql - each row is displayed */ ... trtd{$myrow['request']}/td/tr ... ? Now unless I can do something like: trtd'nl2br({$myrow['request']}'/td/tr (Unfortunately, in the db the linebreaks appear as whitespaces (no \n or br). I'm sort of sunk. Somehow, that syntax looks like it won't work. Thanks for the advice, Andre . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
Yeah, good catch on the addslash/magic_quote. Also, FYI: PHP will only allow you to do one query per mysql_query(). So you can't try to end a quote and then send another query. Don't know if this is the case for all database functions, or what... ---John Holmes... -Original Message- From: Sascha Cunz [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 8:19 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; php- [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? Hi John, Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Oh, this all did sense to me a while ago, but I am tired, and it's beginning to sound like gibberish . Thanks again. Andre Things will be alright, if you follow two rules: 1. before Output, use htmlentities() to make sure, your text isn't confused with HTML (This way noone can insert HTML-Tags into your Text). 2. before saving to database, either use addslashes() or turn on magic_qoutes in php.ini. (This will ensure, that noone drops your database on the fly. e.g. Enters something like '; drop database;' into a textarea.) as i remember magic_qoutes should be turned on by default. Don't do anything else with data that goes to your database, or you'll lose posibility to edit it later on. Regards Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
?php /* db access using postgresql - each row is displayed */ ... trtd{$myrow['request']}/td/tr ... ? Now unless I can do something like: trtd'nl2br({$myrow['request']}'/td/tr Try something like echo 'trtd'.nl2br($myrow['request'].'/td/tr'; Regards Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 08:19 pm, Sascha Cunz wrote: Hi John, Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Oh, this all did sense to me a while ago, but I am tired, and it's beginning to sound like gibberish . Thanks again. Andre Things will be alright, if you follow two rules: 1. before Output, use htmlentities() to make sure, your text isn't confused with HTML (This way noone can insert HTML-Tags into your Text). 2. before saving to database, either use addslashes() or turn on magic_qoutes in php.ini. (This will ensure, that noone drops your database on the fly. e.g. Enters something like '; drop database;' into a textarea.) as i remember magic_qoutes should be turned on by default. Don't do anything else with data that goes to your database, or you'll lose posibility to edit it later on. Regards Sascha Hi Sascha, Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). Regards, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
Yeah, good catch on the addslash/magic_quote. Also, FYI: PHP will only allow you to do one query per mysql_query(). So you can't try to end a quote and then send another query. Don't know if this is the case for all database functions, or what... Does PHP this? Such behaviour would be pretty new and pretty strange to me. And if, there must be any source in the source that does this, of which i can't remember... Regards Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
-Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 8:34 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 07:55 pm, John W. Holmes wrote: Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. It doesn't strip it, it just converts some characters to HTML code. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Yes. The key is to display it with htmlentities(). Never display it directly. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Again, you don't have to worry what's in there, as long as you display it correctly. Now, if you know that these entries aren't going to be edited, then you can do the conversion and save that. Unfortunately, there is no reversal to htmlentities. So, you can't run htmlentities on the text and then hope to display it back to the user for editing. A will be lt;, and if you submit that and run html entities again, you'll have amp;lt;. See where the problem is? So, basically, as long as your displaying the text correctly, use the conversions when you display it. If you don't need to edit the text, run the conversion before you put it in your database. Anyone disagree? ---John Holmes... Thanks John, It appears I was doing it 'somewhat' correctly since I haven't run into the one-time-only problem with htmlentities. However, as I am only displaying the text in Preview Mode, when they click 'Back' on their browser, they'll see what they had just typed in. So, if they correct it, and click Preview, it'll be a new process since the old 'Preview was not saved to session, but is a 'new' post (the old Preview was destroyed.) Still, since I'm pulling the saved info from the db, iterating through all rows, and displaying it in table format, I can't get the linebreaks to display. Here's the 'code' that displays the info: ?php /* db access using postgresql - each row is displayed */ ... trtd{$myrow['request']}/td/tr ... ? I assume that's being echo'd or something, like this? echo trtd{$myrow['request']}/td/tr; Then, you'd have to do this: Echo trtd . nl2br(htmlentities($myrow['request'])) . /td/tr; Does that clear it up? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
Yeah, good catch on the addslash/magic_quote. Also, FYI: PHP will only allow you to do one query per mysql_query(). So you can't try to end a quote and then send another query. Don't know if this is the case for all database functions, or what... Does PHP this? Such behaviour would be pretty new and pretty strange to me. And if, there must be any source in the source that does this, of which i can't remember... Does PHP do what? By default the MySQL query function can only take one query at a time. There is nothing strange about this. The command-line mysql tool can take multiple queries separated by semi-colons, but that is something that is implemented in that command-line tool. It is not done in the underlying API function which is what PHP is talking to. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 08:32 pm, John W. Holmes wrote: -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 8:34 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 07:55 pm, John W. Holmes wrote: Sorry about the ambiguity. What I'm trying to accomplish is close to what you describe. However, before anything goes into the db (ie html chars, bad commands, or anything from Mr.Hacker), I verify it. Someone suggested, way back when I first started with textarea, to use 'htmlentities' to strip the bad items out. It doesn't strip it, it just converts some characters to HTML code. You should always save it in the database exactly how the user typed it. So far, so good. But, if I follow what you suggest (and it's eminently reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. Perhaps I am paranoid, but that seems like a-bad-thing-to-do. Yes. The key is to display it with htmlentities(). Never display it directly. Save it with newlines and don't add any HTML code to it. Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some little extras, what then?? I use a Preview mode for viewing what thgey've entered, and they must go back to the textarea box if they need to edit (which has exactly what they typed.) Again, you don't have to worry what's in there, as long as you display it correctly. Now, if you know that these entries aren't going to be edited, then you can do the conversion and save that. Unfortunately, there is no reversal to htmlentities. So, you can't run htmlentities on the text and then hope to display it back to the user for editing. A will be lt;, and if you submit that and run html entities again, you'll have amp;lt;. See where the problem is? So, basically, as long as your displaying the text correctly, use the conversions when you display it. If you don't need to edit the text, run the conversion before you put it in your database. Anyone disagree? ---John Holmes... Thanks John, It appears I was doing it 'somewhat' correctly since I haven't run into the one-time-only problem with htmlentities. However, as I am only displaying the text in Preview Mode, when they click 'Back' on their browser, they'll see what they had just typed in. So, if they correct it, and click Preview, it'll be a new process since the old 'Preview was not saved to session, but is a 'new' post (the old Preview was destroyed.) Still, since I'm pulling the saved info from the db, iterating through all rows, and displaying it in table format, I can't get the linebreaks to display. Here's the 'code' that displays the info: ?php /* db access using postgresql - each row is displayed */ ... trtd{$myrow['request']}/td/tr ... ? I assume that's being echo'd or something, like this? echo trtd{$myrow['request']}/td/tr; Then, you'd have to do this: Echo trtd . nl2br(htmlentities($myrow['request'])) . /td/tr; Does that clear it up? ---John Holmes... Well, if it works. I just assumed you couldn't manipulate this line. I'm not thinking too clearly -- long day since 6 am! Thanks John, Sascha, Dan. Regards, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 08:42 pm, John W. Holmes wrote: Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... Hi John, Tried that Echo trtd . nl2br(htmlentities($myrow['request'])) . and it appears exactly as it is written (as part of the text request). Maybe if I try again Monday with a fresh mind, I might discover what I'm doing wrong. I'll keep hacking at this. Thanks for your help. Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
Does PHP do what? By default the MySQL query function can only take one query at a time. There is nothing strange about this. The command-line mysql tool can take multiple queries separated by semi-colons, but that is something that is implemented in that command-line tool. It is not done in the underlying API function which is what PHP is talking to. -Rasmus Oops. I just tried it myself, you're right in this. Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
-Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:00 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:42 pm, John W. Holmes wrote: Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... Hi John, Tried that Echo trtd . nl2br(htmlentities($myrow['request'])) . and it appears exactly as it is written (as part of the text request). Maybe if I try again Monday with a fresh mind, I might discover what I'm doing wrong. ?? Umm..that's what should happen. It's not exact, mind you, it just looks the same in the browser. Any you had was converted to lt;, but you'd have to look at the source. A newline should now have a br / along with it... Is that not happening? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 08:59 pm, John W. Holmes wrote: -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:00 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:42 pm, John W. Holmes wrote: Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... Hi John, Tried that Echo trtd . nl2br(htmlentities($myrow['request'])) . and it appears exactly as it is written (as part of the text request). Maybe if I try again Monday with a fresh mind, I might discover what I'm doing wrong. ?? Umm..that's what should happen. It's not exact, mind you, it just looks the same in the browser. Any you had was converted to lt;, but you'd have to look at the source. A newline should now have a br / along with it... Is that not happening? ---John Holmes... Nope. In the db I see it as it's displayed on-screen without any br etc. Strangely, before I attempted to use htmlentities, in the db, I'd see text like: This linebris broken in two.brbrBefore this line is a double space. Now I see: This line is broken in two. Before this line is a double space. I just KNOW I'm messing up here -- but where??? Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Htmlentities and Newlines?
-Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:14 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:59 pm, John W. Holmes wrote: -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:00 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:42 pm, John W. Holmes wrote: Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... Hi John, Tried that Echo trtd . nl2br(htmlentities($myrow['request'])) . and it appears exactly as it is written (as part of the text request). Maybe if I try again Monday with a fresh mind, I might discover what I'm doing wrong. ?? Umm..that's what should happen. It's not exact, mind you, it just looks the same in the browser. Any you had was converted to lt;, but you'd have to look at the source. A newline should now have a br / along with it... Is that not happening? ---John Holmes... Nope. In the db I see it as it's displayed on-screen without any br etc. Strangely, before I attempted to use htmlentities, in the db, I'd see text like: This linebris broken in two.brbrBefore this line is a double space. Now I see: This line is broken in two. Before this line is a double space. I just KNOW I'm messing up here -- but where??? Andre OK...I think you are confused. :) That's what you should see in the database. You are seeing text, newline, text, two newlines, and text. That's what should be in the database. Now, when you pull that out, and run nl2br() on it, it'll show up like this, in the source of the html output: This linebr / Is broken in twobr / br / Before this line is a double space. Bottom line !!! : Store the data exactly as the user typed it. Display the data using nl2br(htmlentities($text)). OK? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Htmlentities and Newlines?
On Saturday 28 September 2002 09:13 pm, John W. Holmes wrote: -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:14 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:59 pm, John W. Holmes wrote: -Original Message- From: Andre Dubuc [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:00 PM To: [EMAIL PROTECTED]; 'Sascha Cunz'; [EMAIL PROTECTED] Subject: Re: [PHP] Htmlentities and Newlines? On Saturday 28 September 2002 08:42 pm, John W. Holmes wrote: Short question: following your advice, what would the data look like in the db if I typed in: Hi Sascha. Next line is doubled. Double. How would that appear iun the db? In mine, it looks exactly like I typed it above (using 1 2 with magic_quotes=on). It depends on your viewer, I guess. It may appear as though it's all on one line, but the new lines are there, regardless. Htmlentities() doesn't do anything to linebreaks... ---John Holmes... Hi John, Tried that Echo trtd . nl2br(htmlentities($myrow['request'])) . and it appears exactly as it is written (as part of the text request). Maybe if I try again Monday with a fresh mind, I might discover what I'm doing wrong. ?? Umm..that's what should happen. It's not exact, mind you, it just looks the same in the browser. Any you had was converted to lt;, but you'd have to look at the source. A newline should now have a br / along with it... Is that not happening? ---John Holmes... Nope. In the db I see it as it's displayed on-screen without any br etc. Strangely, before I attempted to use htmlentities, in the db, I'd see text like: This linebris broken in two.brbrBefore this line is a double space. Now I see: This line is broken in two. Before this line is a double space. I just KNOW I'm messing up here -- but where??? Andre OK...I think you are confused. :) That's what you should see in the database. You are seeing text, newline, text, two newlines, and text. That's what should be in the database. Now, when you pull that out, and run nl2br() on it, it'll show up like this, in the source of the html output: This linebr / Is broken in twobr / br / Before this line is a double space. Bottom line !!! : Store the data exactly as the user typed it. Display the data using nl2br(htmlentities($text)). OK? ---John Holmes... Yup. Got it. Thnaks again, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htmlentities
hi! i've got the following problem and hope one of you is able to help me solving that: i've got a system in php that writes data (e.g. variable-name = $data) to a mysql database. there are two more scripts: one for displaying the data and one for writing the data into a formular. the displaying-script includes a link to the formular-script which submits the values for $data. i use the command 'htmlentities' to express the value (there is an html-tag like img src=http:...) correctly. when the formular-script is executed via this link i get a wrong result: img src=\\ there are these backslashes... what 2 do?? thX, George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htmlentities
On Saturday 06 April 2002 18:34, Joerg Hanke [ML-php] wrote: hi! i've got the following problem and hope one of you is able to help me solving that: i've got a system in php that writes data (e.g. variable-name = $data) to a mysql database. there are two more scripts: one for displaying the data and one for writing the data into a formular. the displaying-script includes a link to the formular-script which submits the values for $data. i use the command 'htmlentities' to express the value (there is an html-tag like img src=http:...) correctly. when the formular-script is executed via this link i get a wrong result: img src=\\ there are these backslashes... what 2 do?? You most likely have magic_quotes_runtime enabled in php.ini. Either disable it or use stripslashes() on the data you retrieve from the db. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Loan-department manager: There isn't any fine print. At these interest rates, we don't need it. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php