Solved

htmlentities() Is this working?

Posted on 2011-02-12
5
491 Views
Last Modified: 2013-12-13
I thought htmlentities removed special characters that could be used in a programming language like JavaScript and HTML. When I run this script, it doesn't remove anything. Why not? Is there something I am not understanding? Thanks.

<?php

$dirty = '1234 text name <div> / , ; " \' @ ! ^ & ( ) { }';

$clean = trim(htmlentities($dirty, ENT_QUOTES));

echo $clean;

?>

Open in new window

0
Comment
Question by:kadin
  • 3
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34880476
Remember that what you see on the screen is how the browser deals with the text it is given. the source produced looks like this

1234 text name &lt;div&gt; / , ; &quot; &#039; @ ! ^ &amp; ( ) { }

press CTRL-U in FF
0
 

Author Comment

by:kadin
ID: 34880494
Thanks for your response.

Are you saying that I need not worry because the string is indeed being cleaned and then reprinted just the way it was typed in the first place?

I am trying to clean email that will be sent. When I retrieve the email, I see the same special characters that I typed. Are they really being cleaned behind the scenes? Thanks.
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 34880522
The string is converted into HTML entities which the browser converts back for display purposes. The string is in the correct format but no-one  wants to see #039;here is a single quoted string#039; so the browser shows them 'here is a single quoted string' instead, but what you are seeing is not what is actually there.

Always check the HTML source, not what you see.
0
 

Author Closing Comment

by:kadin
ID: 34880531
I learned something today. Thanks.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34880539
Think about this then..... when you next see a webpage, look at its source HTML and remember that what gets sent to a browser is the HTML instructions on how to draw the page for a user to see. The original HTML is never seen under normal circumstances. Everything a browser shows you is an interpretation of the drawing instructions (aka HTML) it received from the server.

The web is, in one sense, a big fake. Quite a thought, isn't it?

;-)

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question