Trouble with htmlentities() and html_entity_decode()

nathj
938 Recognized Expert Contributor
Hi,

As you can tell by the subject of this post I'm having a spot of bother with htmlentities() and html_entity_decode().

I have built/am building a web site that allows user feedback. When the user enters their review of a resource it is stored in the database. It goes into a LONGTEXT field and what is entered is passed through htmlentities():
[php]
$reviewToStore = htmlentities($reviewEntered, ENT_QUOTES);
[/php]
The results in the database appear fine:
Entered text = It's great a really useful resource
Stored text = It's great a really useful resource

When I come to display this review again I take the data from the table and pass it through html_entity_decode():
[php]
echo "<textarea> " . html_entity_decode($reviewFromDB, ENT_QUOTES) . "</textarea>";
[/php]

This produces the output:
It\'s great a really useful resource

With the way my code is set up I think this is leading to some other problems further down the line, but I thought I'd start at the beginning and see if anyone knew why this might be happening. I've read over the manual and can't figure this one out.

Cheers
nathj
Oct 10 '07 #1
Motoma
3,237 Recognized Expert Specialist
Why are you running html_entity_decode()? Do you want raw HTML placed in your document? It will most surely mess up the TEXTAREA tags if you do.
Oct 10 '07 #2
nathj
938 Recognized Expert Contributor
I may have simply misunderstood what this function does but I want quotes stored in the database as ' for example and then displayed properly on the front end.

Is this just not required?

Cheers
Nathan
Oct 10 '07 #3
Motoma
3,237 Recognized Expert Specialist
Are you using MySQL? If I understand you correctly, what you are trying to do is allow yourself to store single quotes in the Database without screwing up your INSERT query. In that case, mysql_real_escape_string() is the best function for the job.
If I am misunderstanding what you are attempting to do, please let me know.
Oct 10 '07 #4
DavidPr
155 New Member
If you do this going into the database:
[PHP]
$reviewToStore = mysql_real_escape_string($_POST['reviewEntered']);
[/PHP]

This will add the slashes before the quotes and retain the '. This assuming that you're assigning the results of the form field "reviewEntered" to the variable "reviewToStore", which is the name of the database row you want to enter the results into. Results:
It\'s great a really useful resource

When you pull the information out of the database row "reviewToStore" to display in a Web page, use stripslashes() to remove the slashes put in by mysql_real_escape_string():

[PHP]
$query = "SELECT * FROM tablename ORDER BY id";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    $id = $row['id'];
    $reviewToStore = stripslashes($row['reviewToStore']);
}
[/PHP]
Results:
It's great a really useful resource
Oct 10 '07 #5
Motoma
3,237 Recognized Expert Specialist
When you pull the information out of the database row "reviewToStore" to display in a Web page, use stripslashes() to remove the slashes put in by mysql_real_escape_string():
Sorry to cut in, but you are incorrect on this point. The slashes added by mysql_real_escape_string() are there only to allow MySQL to properly parse the SQL query. After you perform the INSERT statement, the data will reside in its original, unescaped form in your table. This means that any SELECT queries will return a dataset in the exact format you need to use it.

[php]
$ins = "It's all good"; // It's all good
$ins = mysql_real_escape_string($ins); // It\'s all good
mysql_query("INSERT INTO `myTable` SET `textfield` = '$ins'"); // INSERT INTO `myTable` SET `textfield` = 'It\'s all good'
/*
If you now perform a SELECT statement, you will see that the text field in the database actually holds "It's all good" and that there are no slashes. This is the exact way it will be retrieved from the database as well.
*/
[/php]
Oct 10 '07 #6
DavidPr
155 New Member
Sorry to cut in...
No, by all means do.

So, there's really no need to do addslashes() when retrieving the information from the database when you use mysql_real_escape_string() then? Is this correct?

If so, then this will save me a little typing and that's a good thing.
Oct 10 '07 #7
nathj
938 Recognized Expert Contributor
Hi Guys (generic term non-gender specific),

Wow, this is great! I get to work in the morning and there's loads of help waiting for me. What's more I now have it all working with a combination of mysql_real_escape_string() and stripslashes() for the reload to the text area. I hear what you're saying Motoma and the manual agrees, however, the system showed the slashes on the reload as they were there in the database. So I added the strip slashes and everything was great.

As I predicted in my original post solving this has resolved the other issues I had.

The review system I have now loads and closes and re-loads the review controls at will.

Thanks to you both for your help - I couldn't have cracked this without you.

Cheers
nathj
Oct 11 '07 #8
Motoma
3,237 Recognized Expert Specialist
WELL!
If there are still slashes prevalent in your data, then you really didn't need to escape your dataset at all. I believe (with good reason) that you are working with magic_quotes_gpc enabled on your server, therefore any user posted data is escaped to begin with.
Oct 11 '07 #9
nathj
938 Recognized Expert Contributor
Motoma,

I just ran phpInfo() on the server and you are correct, my host has magic_quotes_gpc set to ON. I'm learning stuff all the time here.

Thanks for the tip, it makes sense of what I was being told and what I was seeing happening. I've only been doing this for 5 months and I've learned so much, largely from this forum, but then I kept realising how much more there is to learn!

Cheers
nathj
Oct 11 '07 #10
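
The behaviour worked out in this thread, as an added example that is not code from any of the posters: SQL-layer escaping never reaches the stored value, a stored backslash comes from input that was already slash-escaped before the query, and HTML encoding belongs at output time. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, addslashes() simulates magic_quotes_gpc (removed in PHP 5.4), and the function names storeAndFetch and renderTextarea plus the sample input are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. Needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, body TEXT)');

// Hypothetical helper: insert with a bound parameter, then read back
// exactly what the table holds for that row.
function storeAndFetch(PDO $db, string $body): string
{
    $stmt = $db->prepare('INSERT INTO reviews (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    $id = $db->lastInsertId();

    $stmt = $db->prepare('SELECT body FROM reviews WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Hypothetical helper: encode once, at output time, for the HTML context.
// No html_entity_decode() and no stripslashes() on the way out.
function renderTextarea(string $body): string
{
    return '<textarea>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</textarea>';
}

// Constructed sample input; the closing tag shows why the value must be
// encoded, not decoded, before it is placed inside a textarea.
$entered = "It's great </textarea> a really useful resource";

// What the script received when magic_quotes_gpc was ON (simulated).
$magicQuoted = addslashes($entered);

$cases = [
    'raw input'           => $entered,
    'magic-quoted input'  => $magicQuoted,               // backslash gets stored
    'magic quotes undone' => stripslashes($magicQuoted), // undo once, on input
];

foreach ($cases as $label => $value) {
    $stored = storeAndFetch($db, $value);
    printf("%-20s stored: %s\n", $label, $stored);
    printf("%-20s html:   %s\n", '', renderTextarea($stored));
}
```

Only the magic-quoted case stores a backslash; the other two rows come back byte-for-byte as entered, and in every case the closing textarea tag in the data is rendered as text rather than markup.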
