just wondering... htmlspecialchars vs htmlentities

Can someone please explain to me why/when one would use htmlspecialchars
instead of htmlentities?

I know: if you only want to get certain characters translated. This is not
the answer I'm looking for, I would like to know *why* you would want that,
as opposed to a full translation.

Sep 13 '08 #1
mijn naam wrote:
>Can someone please explain to me why/when one would use htmlspecialchars
>instead of htmlentities?
>
>I know: if you only want to get certain characters translated. This is
>not the answer I'm looking for, I would like to know *why* you would
>want that, as opposed to a full translation.

htmlspecialchars allows you, for example, to display HTML Code (not have
it interpreted by the browser).
Can be useful if you are coding a BBS and you want the BBCode tags to work, so that users can post examples.

htmlentities will replace everything it can.
Can be useful if you want to store accented letters in a database that
does not support it (does that exist?), or to be really sure that all
of your users are going to see accented letters, even without setting
correctly the charset you are using.

Well that's what I believe at least.
I may be wrong, and I'm sure there are better uses of htmlentities than
displaying correctly content with a badly set charset
Sep 13 '08 #2
Romain Gilliotte wrote:
>mijn naam wrote:
>>Can someone please explain to me why/when one would use
>>htmlspecialchars instead of htmlentities?
>>
>>I know: if you only want to get certain characters translated. This
>>is not the answer I'm looking for, I would like to know *why* you
>>would want that, as opposed to a full translation.
>
>htmlspecialchars allows you, for example, to display HTML Code (not have
>it interpreted by the browser).
>Can be useful if you are coding a BBS and you want the BBCode tags to work, so that users can post examples.
>
>htmlentities will replace everything it can.
>Can be useful if you want to store accented letters in a database that
>does not support it (does that exist?), or to be really sure that all
>of your users are going to see accented letters, even without setting
>correctly the charset you are using.
>
>Well that's what I believe at least.
>I may be wrong, and I'm sure there are better uses of htmlentities than
>displaying correctly content with a badly set charset

I found this on php.net:

>richard at aggmedia dot net
>13-Mar-2008 04:32
>
>From SR:
>>There's no sane reason to use htmlentities() instead
>>of htmlspecialchars(). As long as you specify the charset
>>of a page with a Content-Type meta in the head of a
>>page (which you should ALWAYS do in the first place),
>>escaping all characters is completely pointless and will
>>only grow the size of your page. Only the special HTML
>>characters (<, >, &, etc.) need to be escaped, which is
>>exactly what htmlspecialchars() does
>
>This is inaccurate and unhelpful.
>
>There are many cases where you would want to convert a UTF-8 (or other)
>encoded string into appropriate HTML entity representations, as well as
>being just good practice to use more compatible entities instead of
>embedded character encodings.
>
>One such example is when using JavaScript for string manipulation, which
>doesn't support character sets and thus does not respect the UTF-8 BOM.
>By converting to full entities, JavaScript works with the entity text
>instead of byte codes.
>
>So long as the developer understands what is happening with encoding and
>how character sets work, they should make their own call on which
>function they need to use.
Sep 13 '08 #3
..oO(mijn naam)

>Can someone please explain to me why/when one would use htmlspecialchars
>instead of htmlentities?

htmlspecialchars() is _always_ required if you want to print arbitrary
textual data to an HTML page. Some characters have a special meaning in
HTML and have to be escaped if they appear in your text. It also helps
to prevent XSS (cross-site-scripting) attacks, if you're printing user-
submitted data.

htmlentities() is not really necessary anymore, because today every
system (server-side and client-side) should be capable of handling UTF-8
data. This means you don't have to use ugly character references like
&eacute; anymore, but can write all the chars you want directly, like é.

Micha
Sep 13 '08 #4
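
Added example, not part of the original thread: it runs both functions over a constructed string to show that they neutralise the same markup characters and differ only in the named references `htmlentities()` emits for non-ASCII text, then shows the charset-mismatch case with and without `ENT_SUBSTITUTE`. The helper names `esc_special`, `esc_entities` and `is_markup_inert` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; both wrap real PHP functions with explicit flags and charset.
function esc_special(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function esc_entities(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when no character that can open a tag, end a quoted attribute value,
// or start a character reference survives unescaped.
function is_markup_inert(string $escaped): bool
{
    // Remove well-formed character references, then look for leftovers.
    $rest = (string) preg_replace('/&(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);/i', '', $escaped);
    return strpbrk($rest, "<>\"'&") === false;
}

// Constructed sample: markup, both quote styles, an ampersand, accented text.
$input = "<b title=\"x\">café</b> & 'crème brûlée'";

$special  = esc_special($input);
$entities = esc_entities($input);

echo $special, PHP_EOL, $entities, PHP_EOL;

// Check both outputs for element content or a quoted attribute value.
var_dump(is_markup_inert($special), is_markup_inert($entities));

// Check that both decode back to the original text, then compare sizes.
var_dump(html_entity_decode($special, ENT_QUOTES, 'UTF-8') === $input);
var_dump(html_entity_decode($entities, ENT_QUOTES, 'UTF-8') === $input);
printf("bytes: special=%d entities=%d\n", strlen($special), strlen($entities));

// Charset mismatch: ISO-8859-1 bytes handed over as UTF-8 (constructed).
$latin1 = "caf\xE9 <b>";
// Without ENT_SUBSTITUTE (or ENT_IGNORE) invalid input yields an empty string.
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));
// With ENT_SUBSTITUTE the invalid byte becomes U+FFFD and the rest is still escaped.
var_dump(esc_special($latin1));
```
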
..oO(Romain Gilliotte)

>I found this on php.net:
>
>richard at aggmedia dot net
>13-Mar-2008 04:32
>
>From SR:
>>There's no sane reason to use htmlentities() instead
>>of htmlspecialchars(). As long as you specify the charset
>>of a page with a Content-Type meta in the head of a
>>page (which you should ALWAYS do in the first place),
>>escaping all characters is completely pointless and will
>>only grow the size of your page. Only the special HTML
>>characters (<, >, &, etc.) need to be escaped, which is
>>exactly what htmlspecialchars() does
>
>This is inaccurate and unhelpful.
>
>There are many cases where you would want to convert a UTF-8 (or other)
>encoded string into appropriate HTML entity representations

I can't think of any one.

>as well as
>being just good practice to use more compatible entities instead of
>embedded character encodings.

HTML is based on Unicode. Virtually every user agent supports UTF-8,
even NN 4 and search engine bots. And if one UA should have problems
with it, then it doesn't really matter anyway.

>One such example is when using JavaScript for string manipulation, which
>doesn't support character sets and thus does not respect the UTF-8 BOM.

What kind of string manipulations? And why should JS have problems with
UTF-8 or Unicode in general?

>By converting to full entities, JavaScript works with the entity text
>instead of byte codes.

Which might cause new problems, dependent on what you're trying to do
with the strings.

Micha
Sep 13 '08 #5
"Romain Gilliotte" <el****@gmail.com> wrote in message
news:48***********************@news.free.fr...
>So long as the developer understands what is happening with encoding and
>how character sets work, they should make their own call on which function
>they need to use.

Ack, thanks for your insight (all of it).

As I expected: it depends. A benefit of using htmlspecialchars would be
resource utilization.

The main reason would be taste. :-)
Sep 13 '08 #6
..oO(mijn naam)

>"Romain Gilliotte" <el****@gmail.com> wrote in message
>news:48***********************@news.free.fr...
>>So long as the developer understands what is happening with encoding and
>>how character sets work, they should make their own call on which function
>>they need to use.
>
>Ack, thanks for your insight (all of it).
>
>As I expected: it depends. A benefit of using htmlspecialchars would be
>resource utilization.
>
>The main reason would be taste. :-)

The main reasons for htmlspecialchars() are security and reliability.

Micha
Sep 13 '08 #7
Michael Fesser wrote:
>htmlentities() is not really necessary anymore, because today every
>system (server-side and client-side) should be capable of handling UTF-8
>data.

That's supposing you consider MSIE7 up to today's standards :-D

--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-

MSN:i_*************************@hotmail.com
Jabber:iv*********@jabber.org ; iv*********@kdetalk.net
Sep 13 '08 #8
..oO(Iván Sánchez Ortega)

>Michael Fesser wrote:
>>htmlentities() is not really necessary anymore, because today every
>>system (server-side and client-side) should be capable of handling UTF-8
>>data.
>
>That's supposing you consider MSIE7 up to today's standards :-D

Not really, but at least UTF-8 works there.

Micha
Sep 13 '08 #9
