Solved

htmlentities() Is this working?

Posted on 2011-02-12
5
492 Views
Last Modified: 2013-12-13
I thought htmlentities removed special characters that could be used in a programming language like JavaScript and HTML. When I run this script, it doesn't remove anything. Why not? Is there something I am not understanding? Thanks.

<?php

$dirty = '1234 text name <div> / , ; " \' @ ! ^ & ( ) { }';

$clean = trim(htmlentities($dirty, ENT_QUOTES));

echo $clean;

?>

Open in new window

0
Comment
Question by:kadin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34880476
Remember that what you see on the screen is how the browser deals with the text it is given. the source produced looks like this

1234 text name &lt;div&gt; / , ; &quot; &#039; @ ! ^ &amp; ( ) { }

press CTRL-U in FF
0
 

Author Comment

by:kadin
ID: 34880494
Thanks for your response.

Are you saying that I need not worry because the string is indeed being cleaned and then reprinted just the way it was typed in the first place?

I am trying to clean email that will be sent. When I retrieve the email, I see the same special characters that I typed. Are they really being cleaned behind the scenes? Thanks.
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 34880522
The string is converted into HTML entities which the browser converts back for display purposes. The string is in the correct format but no-one  wants to see #039;here is a single quoted string#039; so the browser shows them 'here is a single quoted string' instead, but what you are seeing is not what is actually there.

Always check the HTML source, not what you see.
0
 

Author Closing Comment

by:kadin
ID: 34880531
I learned something today. Thanks.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34880539
Think about this then..... when you next see a webpage, look at its source HTML and remember that what gets sent to a browser is the HTML instructions on how to draw the page for a user to see. The original HTML is never seen under normal circumstances. Everything a browser shows you is an interpretation of the drawing instructions (aka HTML) it received from the server.

The web is, in one sense, a big fake. Quite a thought, isn't it?

;-)

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question