KaranGupta
asked on
htmlspecialchars and htmlentities are not working
Hi
This code sample is not working. Can you please help me out
<?php
$str = "A 'quote' is <b>bold</b>";
echo htmlspecialchars($str);
echo htmlentities($str, ENT_QUOTES);
?>
This appears to be working perfectly.
Browser display:
A 'quote' is <b>bold</b>A 'quote' is <b>bold</b>
View source:
A 'quote' is &lt;b&gt;bold&lt;/b&gt;A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
Man page references:
http://www.php.net/manual/en/function.htmlspecialchars.php
http://www.php.net/manual/en/function.htmlentities.php
ASKER
Hi
In the sample code given above, I am using both methods, i.e. htmlspecialchars() and htmlentities(). In both cases the output is the same. What is the difference between the two?
SOLUTION
"What is the difference between the two?"
You're in luck! PHP is documented online, complete with an online manual and infused with user-contributed notes! You never need to wonder about any PHP function again. Simply go to the online man page and read the descriptions. Look at the examples. See how others have used the language, and what interesting problems they have solved.
IMHO, the popularity of PHP is not rooted in its "ease of use" which has an embarrassing legacy of sloppy code and security problems, but in its online documentation. You can find the links to the documentation for these functions here.
ASKER
I have a fair knowledge of the htmlspecialchars() method, but I am still confused by the htmlentities() method.
I have tried the following code
htmlentities("ñ");
But I can't see anything
What is it that you can't find?
Did you see the output difference between those two?
As you can see, htmlentities() converts the ñ to the actual HTML code, whereas htmlcharacters only converts HTML tags.
In the view source, htmlcharacters outputs the same as the input, but not in the case of htmlentities(), as it converts all HTML characters.
Please look at the difference:
Using htmlentities()
OUTPUT (in view source): &ntilde;
Using htmlspecialchars()
OUTPUT (in view source): ñ
ASKER
Hi
I tried the following samples yesterday:
echo htmlspecialchars("ñ");
echo htmlentities("ñ");
If you check the view source you don't find anything. Secondly, when I tried the following code sample:
echo htmlspecialchars("<");
echo htmlentities("<");
According to the description given by you, the former should be displayed like '<' and the latter should be like '<' when I view the source. But both are showing as '<'.
Please correct me if my understanding is right.
Tried your example, I'm getting it displayed correctly. I don't know how you alone could see the same on the output screen and in view source. Check it or post your screenshot.
ASKER CERTIFIED SOLUTION
htmlspecialchars() is encoding the < and > characters properly. It is just that when you echo the encoded string to your computer screen, your browser helpfully decodes the characters again. If you view the page source you will see the encoded string.
ON BROWSER
A 'quote' is <b>bold</b>
View page source
A 'quote' is &lt;b&gt;bold&lt;/b&gt;
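
Added example, not part of any answer above: a PHP command-line script that prints what each function emits for the question's string and for ñ, including the case where the input bytes do not match the declared charset. The compare() helper, the sample labels and the Latin-1 byte are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Run it with the PHP CLI so that
// no browser decodes the entities before you read them.

// Flags and charset are explicit: the defaults changed between PHP versions.
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;

// compare() is a helper made up for this example.
function compare(string $s, string $charset = 'UTF-8'): array
{
    $special = htmlspecialchars($s, FLAGS, $charset);
    return [
        'input_hex'        => bin2hex($s),
        'htmlspecialchars' => $special,                 // only & < > " '
        'htmlentities'     => htmlentities($s, FLAGS, $charset), // every char with a named entity
        // What a browser draws after decoding the markup it received.
        'rendered'         => html_entity_decode($special, FLAGS, $charset),
    ];
}

$samples = [ // constructed inputs
    'question string'       => "A 'quote' is <b>bold</b>",
    'n-tilde, UTF-8 bytes'  => "\xC3\xB1",
    'n-tilde, Latin-1 byte' => "\xF1", // not valid UTF-8
];
foreach ($samples as $label => $s) {
    echo "== $label ==\n";
    foreach (compare($s) as $k => $v) {
        printf("%-17s %s\n", $k, $v);
    }
}

// The same Latin-1 byte with three charset/flag choices.
$latin1 = "\xF1";
// Declared UTF-8, no ENT_SUBSTITUTE or ENT_IGNORE: invalid input yields an empty string.
var_dump(htmlentities($latin1, ENT_QUOTES, 'UTF-8'));
// Declared UTF-8 with ENT_SUBSTITUTE: the bad byte becomes U+FFFD.
var_dump(htmlentities($latin1, FLAGS, 'UTF-8'));
// Declared as what it really is: the byte maps to its named entity.
var_dump(htmlentities($latin1, FLAGS, 'ISO-8859-1'));

// ENT_COMPAT leaves single quotes alone, so a value written into a
// single-quoted attribute needs ENT_QUOTES.
$q = "A 'quote' is <b>bold</b>";
echo htmlspecialchars($q, ENT_COMPAT, 'UTF-8'), "\n";
echo htmlspecialchars($q, ENT_QUOTES, 'UTF-8'), "\n";
```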