Bl248
Is there a need to use html_entity_decode?
For a text field where I want to allow apostrophes (single quotes) and basic html like a bold tag. I am filtering the input field, stripping the data and using addslashes() if required.
When it comes to updating this field - I would use stripslashes and htmlspecialchars to convert the quotes and <> to html entities as in stripslashes(htmlspecialchars($data_value, ENT_QUOTES))
I can see the slashes have been stripped and entities used - example:
"do quote's work? new <b>test</b>" - becomes
"do quote&#039;s work?\nnew&lt;b&gt;test&lt;/b&gt;"
The content in the input field <textarea> looks correct - no unusual characters
do quote's work? new test -- where test is in bold
When the form is posted the incoming value does not contain entities but just the characters. The quote is a ' and the < is a <
It would appear I do not need to use html_entity_decode on this data before saving to revert it back. I would need to ensure I save the data as it appears and not with the HTML entity values.
I would want to search on quote's and not quote&#039;s
I ask because there are a number of comments in the online html manual about using an un-convert entity function or html_entity_decode(). I would think this is only needed if the data was not being displayed and posted back or was in a hidden field and somehow the entity values were still retained.
Anyway - interested to see if I am missing something.
ASKER
I'm sure there are special applications where they need to do the entity_decode then, but it's not something the standard apps that I write need.
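The round trip discussed in this thread, as an added PHP example that is not part of the original posts: the value is escaped once when the edit form is rendered, and what comes back in the POST is already the plain characters. `render_textarea` and `simulate_browser_post` are hypothetical helpers, and the browser's entity decoding is simulated here with html_entity_decode on constructed sample text.

```php
<?php
// Constructed sample taken from the question's example text.
$stored = "do quote's work? new <b>test</b>";

// Escape once, at output time, when the value is written into the edit form.
function render_textarea(string $name, string $raw): string
{
    return '<textarea name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
         . '</textarea>';
}

// Hypothetical stand-in for the browser: its HTML parser decodes the entities
// inside the textarea and the form submits the decoded characters.
// (Real browsers also normalise line breaks to CRLF on submit; not modelled.)
function simulate_browser_post(string $html): string
{
    preg_match('~<textarea[^>]*>(.*)</textarea>~s', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$html   = render_textarea('comment', $stored);
$posted = simulate_browser_post($html);

echo "markup sent to browser : $html\n";
echo "value posted back      : $posted\n";
echo "round trip is lossless : ", var_export($posted === $stored, true), "\n";

// Hazard 1: decoding the POST value changes text the user typed literally.
$typed = 'write &lt;b&gt; to start bold text';
echo "decoded user input     : ", html_entity_decode($typed, ENT_QUOTES, 'UTF-8'), "\n";

// Hazard 2: storing the escaped form breaks searches and double-encodes
// the next time the edit form is rendered.
$storedEscaped = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
echo "search hits escaped row: ", var_export(strpos($storedEscaped, "quote's") !== false, true), "\n";
echo "re-rendered escaped row: ", htmlspecialchars($storedEscaped, ENT_QUOTES, 'UTF-8'), "\n";
```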