Can someone please explain to me why/when one would use htmlspecialchars
instead of htmlentities?
I know: if you only want to get certain characters translated. This is not
the answer I'm looking for, I would like to know *why* you would want that,
as opposed to a full translation.
mijn naam wrote:
>Can someone please explain to me why/when one would use htmlspecialchars
>instead of htmlentities?
>I know: if you only want to get certain characters translated. This is
>not the answer I'm looking for, I would like to know *why* you would
>want that, as opposed to a full translation.
htmlspecialchars allows you, for example, to display HTML code (not have
it interpreted by the browser).
Can be useful if you are coding a BBS and you want the BBCode tags to work, so that users can post examples.
htmlentities will replace everything it can.
Can be useful if you want to store accented letters in a database that
does not support it (does that exist?), or to be really sure that all
of your users are going to see accented letters, even without setting
correctly the charset you are using.
Well that's what I believe at least.
I may be wrong, and I'm sure there are better uses of htmlentities than
displaying correctly content with a badly set charset
Romain Gilliotte wrote:
>mijn naam wrote:
>>Can someone please explain to me why/when one would use htmlspecialchars instead of htmlentities?
>>I know: if you only want to get certain characters translated. This is not the answer I'm looking for, I would like to know *why* you would want that, as opposed to a full translation.
>htmlspecialchars allows you, for example, to display HTML code (not have
>it interpreted by the browser).
>Can be useful if you are coding a BBS and you want the BBCode tags to work, so that users can post examples.
>htmlentities will replace everything it can.
>Can be useful if you want to store accented letters in a database that
>does not support it (does that exist?), or to be really sure that all
>of your users are going to see accented letters, even without setting
>correctly the charset you are using.
>Well that's what I believe at least.
>I may be wrong, and I'm sure there are better uses of htmlentities than
>displaying correctly content with a badly set charset
I found this on php.net:
richard at aggmedia dot net
13-Mar-2008 04:32
From SR:
There's no sane reason to use htmlentities() instead
of htmlspecialchars(). As long as you specify the charset
of a page with a Content-Type meta in the head of a
page (which you should ALWAYS do in the first place),
escaping all characters is completely pointless and will
only grow the size of your page. Only the special HTML
characters (<, >, &, etc.) need to be escaped, which is
exactly what htmlspecialchars() does
This is inaccurate and unhelpful.
There are many cases where you would want to convert a UTF-8 (or other)
encoded string into appropriate HTML entity representations, as well as
being just good practice to use more compatible entities instead of
embedded character encodings.
One such example is when using JavaScript for string manipulation, which
doesn't support character sets and thus does not respect the UTF-8 BOM.
By converting to full entities, JavaScript works with the entity text
instead of byte codes.
So long as the developer understands what is happening with encoding and
how character sets work, they should make their own call on which
function they need to use.
..oO(mijn naam)
>Can someone please explain to me why/when one would use htmlspecialchars instead of htmlentities?
htmlspecialchars() is _always_ required if you want to print arbitrary
textual data to an HTML page. Some characters have a special meaning in
HTML and have to be escaped if they appear in your text. It also helps
to prevent XSS (cross-site-scripting) attacks, if you're printing
user-submitted data.
htmlentities() is not really necessary anymore, because today every
system (server-side and client-side) should be capable of handling UTF-8
data. This means you don't have to use ugly character references like
&eacute; anymore, but can write all the chars you want directly, like é.
Micha
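The difference discussed in this thread, as an added example that is not part of any post: both functions escape the characters that matter for XSS, htmlentities() additionally rewrites non-ASCII letters, and a charset argument that does not match the data changes the result. The sample strings and the `report()` helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Print the escaped output, its size, and whether any raw markup character survived.
// report() is a helper made up for this example.
function report(string $label, string $out): void
{
    $raw = strpbrk($out, "<>\"'") !== false;
    printf("%-33s %3d bytes, raw markup left: %s\n    %s\n",
        $label, strlen($out), $raw ? 'YES' : 'no', $out);
}

// Constructed sample: user-submitted UTF-8 text with markup, both quote types
// and an accented letter (written as \u{E9} so the file encoding does not matter).
$input = "Caf\u{E9} <script>alert('x')</script> & \"more\"";

// ENT_QUOTES escapes ' as well as "; ENT_SUBSTITUTE replaces invalid byte
// sequences with U+FFFD instead of returning an empty string.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;

// Same protection against markup injection; only the treatment of the accented letter differs.
report('htmlspecialchars, UTF-8', htmlspecialchars($input, $flags, 'UTF-8'));
report('htmlentities, UTF-8', htmlentities($input, $flags, 'UTF-8'));

// Mismatch 1: UTF-8 bytes declared as ISO-8859-1. htmlentities() encodes each
// byte of the accented letter as its own entity, so mojibake is baked into the markup.
report('htmlentities, declared ISO-8859-1', htmlentities($input, $flags, 'ISO-8859-1'));

// Mismatch 2: ISO-8859-1 bytes (constructed) declared as UTF-8. Without
// ENT_SUBSTITUTE the whole string is dropped; with it only the bad byte is replaced.
$latin1 = "Caf\xE9 <b>";
report('bad UTF-8, no ENT_SUBSTITUTE', htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));
report('bad UTF-8, ENT_SUBSTITUTE', htmlspecialchars($latin1, $flags, 'UTF-8'));
```

Run it with the PHP CLI on a UTF-8 terminal; the empty result in the fourth case is the silent data loss to watch for when the declared charset and the stored bytes disagree.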
..oO(Romain Gilliotte)
>I found this on php.net:
>richard at aggmedia dot net 13-Mar-2008 04:32
>From SR:
>There's no sane reason to use htmlentities() instead
>of htmlspecialchars(). As long as you specify the charset
>of a page with a Content-Type meta in the head of a
>page (which you should ALWAYS do in the first place),
>escaping all characters is completely pointless and will
>only grow the size of your page. Only the special HTML
>characters (<, >, &, etc.) need to be escaped, which is
>exactly what htmlspecialchars() does
>This is inaccurate and unhelpful.
>There are many cases where you would want to convert a UTF-8 (or other) encoded string into appropriate HTML entity representations
I can't think of any one.
>as well as being just good practice to use more compatible entities instead of embedded character encodings.
HTML is based on Unicode. Virtually every user agent supports UTF-8,
even NN 4 and search engine bots. And if one UA should have problems
with it, then it doesn't really matter anyway.
>One such example is when using JavaScript for string manipulation, which doesn't support character sets and thus does not respect the UTF-8 BOM.
What kind of string manipulations? And why should JS have problems with
UTF-8 or Unicode in general?
>By converting to full entities, JavaScript works with the entity text instead of byte codes.
Which might cause new problems, dependent on what you're trying to do
with the strings.
Micha
"Romain Gilliotte" <el****@gmail.com> wrote in message
news:48***********************@news.free.fr...
>So long as the developer understands what is happening with encoding and
>how character sets work, they should make their own call on which function
>they need to use.
Ack, thanks for your insight (all of it).
As I expected: it depends. A benefit of using htmlspecialchars would be
resource utilization.
The main reason would be taste. :-)
..oO(mijn naam)
>"Romain Gilliotte" <el****@gmail.com> wrote in message news:48***********************@news.free.fr...
>>So long as the developer understands what is happening with encoding and how character sets work, they should make their own call on which function they need to use.
>Ack, thanks for your insight (all of it).
>As I expected: it depends. A benefit of using htmlspecialchars would be resource utilization.
>The main reason would be taste. :-)
The main reasons for htmlspecialchars() are security and reliability.
Micha
Michael Fesser wrote:
>htmlentities() is not really necessary anymore, because today every
>system (server-side and client-side) should be capable of handling UTF-8
>data.
That's supposing you consider MSIE7 up to today's standards :-D
--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-
MSN:i_*************************@hotmail.com
Jabber:iv*********@jabber.org ; iv*********@kdetalk.net
..oO(Iván Sánchez Ortega)
>Michael Fesser wrote:
>>htmlentities() is not really necessary anymore, because today every system (server-side and client-side) should be capable of handling UTF-8 data.
>That's supposing you consider MSIE7 up to today's standards :-D
Not really, but at least UTF-8 works there.
Micha