473,326 Members | 2,196 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

htmlentities adds slashes - why?


Folks,
I'm using Apache/1.3.28 (SuSE 7.1, kernal 2.4) with PHP/4.3.2. I have the
following code to help cleanse form data.

function cleanData($sourceData, &$cleanData)
{ foreach($myData as $fieldName=>$fieldValue)
{ if(strlen($fieldValue)>0)
{ $cleanData[$fieldName]=htmlentities(trim($fieldValue)); }
else
{ $cleanData[$fieldName]=""; }
}

return;
}

cleanData($_POST, $formData);
I tested the code and found a \ was placed before double quotes
automatically - I have had to use stripslashes to clean the offending
slashes but I was wondering why they appeared the first place. A view
source of my html code, via my client browser produced the following (until
I used stripslashes which removed the slashes).

\"here\"

What is the recommended action here? Is it something I need switch off in
php.ini or is it safer for me just to continue and use stripslashes as part
of my function?

Thanks
randelld

Jul 16 '05 #1
3 4956
uws
I <U3***********************@news2.calgary.shaw.ca >, Randell D. skrev:
I tested the code and found a \ was placed before double quotes
automatically - I have had to use stripslashes to clean the offending
slashes but I was wondering why they appeared the first place.


Because " is used as a string delimiter in html tag attributes,
htmlentities() adds a backslash to make sure those double quotes are not
treated as such.

dag maar weer tot de volgende keer meneer, Wouter

--
:wq mail uw*@xs4all.nl

so much we don't know :: even our own true face -- after forever
Jul 16 '05 #2
On Fri, 8 Aug 2003 11:58:05 +0200, uws <uw*@xs4all.invalid> wrote:
I <U3***********************@news2.calgary.shaw.ca >, Randell D. skrev:
I tested the code and found a \ was placed before double quotes
automatically - I have had to use stripslashes to clean the offending
slashes but I was wondering why they appeared the first place.


Because " is used as a string delimiter in html tag attributes,
htmlentities() adds a backslash to make sure those double quotes are not
treated as such.


No... If it were to escape a double quote in HTML, it would output &quot;

Backslashes do not escape in HTML. This is not caused by htmlentities, or if
it is, it's a bug in a specific version...

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #3
On Fri, 08 Aug 2003 09:29:24 GMT, "Randell D."
<yo**************************@yahoo.com> wrote:
I'm using Apache/1.3.28 (SuSE 7.1, kernal 2.4) with PHP/4.3.2. I have the
following code to help cleanse form data.

function cleanData($sourceData, &$cleanData)
{ foreach($myData as $fieldName=>$fieldValue)
{ if(strlen($fieldValue)>0)
{ $cleanData[$fieldName]=htmlentities(trim($fieldValue)); }
else
{ $cleanData[$fieldName]=""; }
}

return;
}

cleanData($_POST, $formData);

I tested the code and found a \ was placed before double quotes
automatically - I have had to use stripslashes to clean the offending
slashes but I was wondering why they appeared the first place. A view
source of my html code, via my client browser produced the following (until
I used stripslashes which removed the slashes).

\&quot;here\&quot;
This indicates that your original string was:

\"here\"

_before_ it got to htmlentities.

Do you have magic_quotes_gpc turned on? If this is on, all incoming
POST/GET/etc. data is escaped á la addslashes().
What is the recommended action here? Is it something I need switch off in
php.ini or is it safer for me just to continue and use stripslashes as part
of my function?


Turn off magic_quotes_gpc and use addslashes() where appropriate (i.e. not in
this case).

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: John Dunlop | last post by:
(Crossposted and followups set. Hope you don't mind Markus.) The Manual expresses the parameters of htmlentities as: string string ] http://www.php.net/manual/en/function.htmlentities.php ...
2
by: tco | last post by:
Hi all, I'm searching a reverse function for htmlentities.... i couldn't find anything in the manual and over forums :-/ does anyone have an idea ? many thanks in advance, -- tco
13
by: lawrence | last post by:
A user writes this sentence: "It was the New Urbanist's nightmare of sprawl run amok." They input that and my PHP script hits it with addslashes() and then the sentence gets put in the database....
10
by: Carlos Ribeiro | last post by:
Hello all. I'm sending this to the list because I would like to know if someone else has ever stumbled across this one, and also because one possible solution is to patch, or simply "decorate",...
7
by: Taras_96 | last post by:
Hi all, I was hoping to get some clarification on a couple of questions I have: 1) When should htmlspecial characters be used? As a general rule should it be used for text that may contain...
3
by: jl | last post by:
>From the php manual I copied and pasted this example: <?php $str = "A 'quote' is <b>bold</b>"; // Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt; echo htmlentities($str); // Outputs: A 'quote' is...
2
by: matthud | last post by:
<?php //MAKE IT SAFE $chunk = $_POST; $title = $_POST; $url = $_POST; $tags = $_POST; $user = $_POST; $safe_chunk = mysql_real_escape_string(htmlentities($chunk)); $safe_title =...
9
nathj
by: nathj | last post by:
Hi, As you can tell by the subject of this post I'm having a spot of bother with htmlentities() and html_entity_decode(). I have built/am building a web site that allows user feedback. When...
8
by: mijn naam | last post by:
Can someone please explain to me why/when one would use htmlspecialchars instead of htmlentities? I know: if you only want to get certain characters translated. This is not the answer I'm...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.