
Try out my first PHP web app!

  • # August 25, 2014 at 10:39 am

    Unless you get ” in your text.

    A good reason not to use it.

    @drose379 – please don’t try to implement conversions yourself for the list @soronbe posted. @traq is suggesting you try to figure out the solution yourself as a learning experience. It’s a simple one, and a little research will get you there.

    # August 25, 2014 at 10:57 am

    How can I use that list?

    # August 25, 2014 at 10:59 am

    Should I put the values inside single quotes instead of double?

    # August 25, 2014 at 11:08 am

    How can I use that list?

    Don’t.

    Should I put the values inside single quotes instead of double?

    On the input? There’s a way to make sure it doesn’t matter.

    # August 25, 2014 at 11:17 am

    I’ve tried mysqli real escape string and htmlentities

    # August 25, 2014 at 11:56 am

    And what happened? At a guess, you should read the documentation. Pay particular attention to the flags section.

    # August 25, 2014 at 1:57 pm

    So why is my list bad but htmlentities() isn’t?

    # August 25, 2014 at 2:20 pm

    Also, what is the difference between htmlentities and MySQLi real escape string?

    # August 25, 2014 at 2:26 pm

    Your list is perfectly fine, I didn’t mean to offend you. But if the function exists, why re-implement it?

    # August 25, 2014 at 2:29 pm

    So why is my list bad but htmlentities() isn’t?

    Nothing’s “bad” about it per se. It’s not implemented, and a programmer might implement it incorrectly (or just partially). htmlentities is tried and tested and maintained (plus it’s native and will run a lot faster).

    what is the difference between htmlentities and MySQLi real escape string?

    Conceptually, yes, they have similar purposes: to prevent “data” from being interpreted as “instructions.” But, because one deals with HTML and the other deals with MySQL, they do different things and work in completely different ways.

    Read The Friendly Manual for specifics.

    # August 25, 2014 at 3:25 pm

    OK, I’ve been busy today and haven’t had much time to read the manual for htmlentities() on the PHP website, but I’ve used it before and tried it on this bug, and it didn’t solve anything; I’m hoping I was just using it incorrectly. One question before I read the manuals later tonight: do I use the htmlentities() function when submitting the title to the DB and then just pull that right from the DB to display it? Or vice versa? Do you guys understand what I’m asking?

    # August 25, 2014 at 4:28 pm

    Just read the flags and view the examples in the manual. It should all be clear.

    But if the function exists, why re-implement it?
    If you want changes to the function? You want the user to be able to write certain tags but not all (like not script tags).
    Even besides that: in my opinion it’s important to know exactly what a function does, instead of only why you are using it.

    # August 25, 2014 at 6:42 pm

    do I use the htmlentities() function when submitting the title to the DB and then just pull that right from the DB to display it? Or vice versa?

    There isn’t a cut-and-dry answer for that. For example, if you apply htmlentities to the post when you save it, then it will be impossible (or, at the very least, difficult and uncertain) to make a plain text version of the content (e.g., for an RSS reader, or to provide the content in JSON format).

    In general, I save content in its original format, and apply htmlentities only when I’m ready to display it.

    edit
    actually, in most situations, I use htmlspecialchars instead. But in this situation, that doesn’t have any impact on how or why it is used, and the flag options and defaults are identical.
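
Added example, not part of any post in this thread: a PHP sketch of the advice above to keep the title as typed and escape only at display time, showing how the htmlentities() quote flags change the result. The sample title, the `e()` helper and the variable names are constructed for illustration.

```php
<?php
// Constructed sample: a forum title exactly as the user typed it.
// This raw form is what gets stored. The SQL layer (a prepared statement or
// mysqli_real_escape_string) protects the query, not the HTML page.
$storedTitle = 'Tom\'s "first" <b>PHP</b> app & more';

// Hypothetical helper: escape a raw string for an HTML context at output time.
function e(string $raw): string
{
    // ENT_QUOTES converts both " and ', so it no longer matters whether the
    // surrounding attribute uses single or double quotes.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    // Passing flags explicitly avoids relying on the default, which differs
    // between PHP versions.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. The same input under each quote flag.
$flags = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // leaves " and ' untouched
    'ENT_COMPAT'   => ENT_COMPAT,   // converts " only
    'ENT_QUOTES'   => ENT_QUOTES,   // converts " and '
];
foreach ($flags as $name => $flag) {
    printf("%-12s %s\n", $name, htmlentities($storedTitle, $flag, 'UTF-8'));
}

// 2. HTML output: element content and a single-quoted attribute value.
echo '<h2>' . e($storedTitle) . "</h2>\n";
echo "<input type='text' name='title' value='" . e($storedTitle) . "'>\n";

// 3. Non-HTML output from the same stored value: JSON needs no entities.
echo json_encode(['title' => $storedTitle]), "\n";

// 4. If entities had been stored instead, every other consumer inherits them:
//    escaping again for HTML double-encodes, and JSON carries the entities.
$storedEncoded = e($storedTitle);
echo e($storedEncoded), "\n";
echo json_encode(['title' => $storedEncoded]), "\n";
```
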

    # August 25, 2014 at 6:55 pm

    OK, I will prob stick with htmlentities, just what I’m used to. But I’ve never used the flag options; I have to look into those. Thanks!

    # August 25, 2014 at 8:59 pm

    Hey guys, took a look at the htmlentities() function and the new flag parameter that it now accepts. Used it to my advantage and got the forum to accept all sorts of special characters. Also used the html_entity_decode() function to take the htmlentities version that I had to insert into the DB and display it as plain text as the forum title. Seems to be working. Here’s some code snippets of what makes it work...

    http://pastie.org/9502991
