KaranGupta

htmlspecialchars and htmlentities are not working

Hi

This code sample is not working. Can you please help me out?

<?php
$str = "A 'quote' is <b>bold</b>";

echo htmlspecialchars($str);
echo htmlentities($str, ENT_QUOTES);
?>

ramyajanarthanan

May I know what you mean by not working?

htmlspecialchars() is encoding the < and > characters properly. It is just that when you echo the encoded string to your computer screen, your browser helpfully decodes the characters again. If you view the page source you will see the encoded string.

ON BROWSER
A 'quote' is <b>bold</b>

View page source

A 'quote' is &lt;b&gt;bold&lt;/b&gt;
This appears to be working perfectly.

Browser display:
A 'quote' is <b>bold</b>A 'quote' is <b>bold</b>

View source:
A 'quote' is &lt;b&gt;bold&lt;/b&gt;A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;

Man page references:
http://www.php.net/manual/en/function.htmlspecialchars.php
http://www.php.net/manual/en/function.htmlentities.php
KaranGupta

ASKER

Hi

In the sample code given above, I am using both methods, i.e. htmlspecialchars() and htmlentities(). In both cases the output is the same. What is the difference between the two?

"What is the difference between the two?"
You're in luck!  PHP is documented online, complete with an online manual and infused with user-contributed notes!  You never need to wonder about any PHP function again.  Simply go to the online man page and read the descriptions.  Look at the examples.  See how others have used the language, and what interesting problems they have solved.

IMHO, the popularity of PHP is not rooted in its "ease of use" which has an embarrassing legacy of sloppy code and security problems, but in its online documentation.  You can find the links to the documentation for these functions here.

I have a fair knowledge of the htmlspecialchars() method, but I am still confused by the htmlentities method.

I have tried the following code:
htmlentities("ñ");
But I can't see anything.

What is it that you can't find?

Did you see the output difference between those two?

As you can see, htmlentities() converts the ñ to the actual HTML code, whereas htmlcharacters only converts HTML tags.

In the view source, htmlcharacters outputs the same as the input, but not in the case of htmlentities(), as it converts all HTML characters.

Please look at the difference:

Using htmlentities()
OUTPUT (in view source): &Atilde;&plusmn;

Using htmlspecialchars()
OUTPUT (in view source): ñ

Hi

I tried the following samples yesterday:

echo htmlspecialchars("ñ");
echo htmlentities("ñ");

If you check the view source you don't find anything. Secondly, when I tried the following code sample

echo htmlspecialchars("<");
echo htmlentities("<");

according to the description given by you, the former should be displayed like '<' and the latter should be like '&lt;' when I view the source. But both are showing as '&lt;'.

Please correct me if my understanding is right.

Tried your example, I'm getting it displayed correctly. I don't know how you alone could see the same on the output screen and in view source. Check it or post a screenshot of yours.
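
The two results reported in this thread for ñ (`&Atilde;&plusmn;` in view source for one poster, nothing at all for the other) are consistent with a mismatch between the bytes in the string and the charset the functions assume; that cause is an assumption, since the thread does not give the PHP versions or file encodings involved. The script below is an added example, not code from any poster: it runs both functions over the same bytes under each charset. `show()` is a hypothetical helper and the byte strings are constructed.

```php
<?php
// Added example, not code from the thread. Input bytes are written as hex
// escapes so the result does not depend on how this file is saved.
$cases = [
    'markup from the question' => "A 'quote' is <b>bold</b>",
    'n-tilde as UTF-8 bytes'   => "\xC3\xB1",
    'n-tilde as Latin-1 byte'  => "\xF1",
];

// Hypothetical helper: print the result in brackets with its byte length,
// so an empty return value is visible rather than looking like "nothing".
function show(string $call, string $out): void
{
    printf("  %-42s [%s] (%d bytes)\n", $call, $out, strlen($out));
}

foreach ($cases as $label => $in) {
    echo $label, ' (hex ', bin2hex($in), ")\n";
    foreach (['UTF-8', 'ISO-8859-1'] as $charset) {
        // Both functions encode & < > " and, with ENT_QUOTES, '.
        show("htmlspecialchars, $charset", htmlspecialchars($in, ENT_QUOTES, $charset));
        // htmlentities() also replaces every character that has a named
        // entity, decoding the input bytes according to $charset.
        show("htmlentities, $charset", htmlentities($in, ENT_QUOTES, $charset));
    }
    // Without ENT_SUBSTITUTE or ENT_IGNORE, input that is invalid in the
    // declared charset makes both functions return an empty string.
    // ENT_SUBSTITUTE replaces the invalid bytes with U+FFFD instead.
    show('htmlspecialchars, UTF-8, ENT_SUBSTITUTE',
        htmlspecialchars($in, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}
```

Passing the charset explicitly matters because the default for the encoding parameter was ISO-8859-1 before PHP 5.4 and UTF-8 from 5.4 on (since PHP 5.6 it follows the default_charset setting). The charset given here should match both the actual bytes of the data and the charset the page declares to the browser.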