By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,890 Members | 1,050 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,890 IT Pros & Developers. It's quick & easy.

HTML entity trouble

P: n/a
I'm new to PHP and can use some help with avoiding HTML entity
trouble.

I've got a page which creates a hyperlink as follows:

printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
$txtFilter, $text);

Let's say that the value of $txtFilter is:
directory LIKE '%data1/%'

Clicking on this link takes me to this page:

http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

I then display the value of the URL variable $txtFilter in an HTML
text field:

printf("Filter: <input type='text' name='txtFilter' value='%s'>",
htmlspecialchars($txtFilter, ENT_QUOTES));

The problem is that it is displayed in the text field as
dir LIKE 'Uta1/%'
where the U has an acute accent. The "%da" is being displayed as an
acute-accented U.
Thanks.
-David
Jul 16 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
In article <8b**************************@posting.google.com >,
da*************@xontech.com (David Shadovitz) wrote:
I've got a page which creates a hyperlink as follows:

printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
$txtFilter, $text);

Let's say that the value of $txtFilter is:
directory LIKE '%data1/%'

Clicking on this link takes me to this page:

http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

I then display the value of the URL variable $txtFilter in an HTML
text field:

printf("Filter: <input type='text' name='txtFilter' value='%s'>",
htmlspecialchars($txtFilter, ENT_QUOTES));

The problem is that it is displayed in the text field as
dir LIKE 'Uta1/%'
where the U has an acute accent. The "%da" is being displayed as an
acute-accented U.


$txtFilter = urlencode($txtFilter);

before using it in an <a href="..."> is the first thing that comes to
mind (untested).

JP

--
Sorry, <de*****@cauce.org> is een "spam trap".
E-mail adres is <jpk"at"akamail.com>, waarbij "at" = @.
Jul 16 '05 #2

P: n/a
David Shadovitz wrote:
I'm new to PHP and can use some help with avoiding HTML entity
trouble.

I've got a page which creates a hyperlink as follows:

printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
$txtFilter, $text);

Let's say that the value of $txtFilter is:
directory LIKE '%data1/%'
I hope you aren't passing around SQL statements to be executed. That's wide
open for abuse.

Clicking on this link takes me to this page:

http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

Then your browser is already correcting for your errors. Not all do so in
the same way. The HTML you are producing is:

<a href="dspItem.php?txtFilter=directory LIKE '%data1/%'">...</a>

That contains plenty of errors. To include special characters in the query
string portion of a URL, you need to encode them. PHP provides urlencode()
to do this.

I then display the value of the URL variable $txtFilter in an HTML
text field:

printf("Filter: <input type='text' name='txtFilter' value='%s'>",
htmlspecialchars($txtFilter, ENT_QUOTES));

The problem is that it is displayed in the text field as
dir LIKE 'Uta1/%'
where the U has an acute accent. The "%da" is being displayed as an
acute-accented U.


That is because %da is the encoded form of an acute-accented U. The %
character has a special meaning within query strings, so you need to encode
it as %25. urlencode() will do this for you, along with any other special
characters, such as spaces (%20).

PS: None of this is related to HTML entities. You are handling that with
the htmlspecialchars() function already. Try 'View source' to help debug
things occasionally.

--
Jim Dabell

Jul 16 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.