@drose379 – please don’t try to implement conversions yourself for the list @soronbe posted. @traq is suggesting you try to figure out the solution yourself as a learning experience. It’s a simple one, and a little research will get you there.
Nothing’s “bad” about it per se. It’s not implemented, and a programmer might implement it incorrectly (or just partially). htmlentities is tried and tested and maintained (plus it’s native and will run a lot faster).
What is the difference between htmlentities and MySQLi real escape string?
Conceptually, yes, they have similar purposes: to prevent “data” from being interpreted as “instructions.” But, because one deals with HTML and the other deals with MySQL, they do different things and work in completely different ways.
Ok, I’ve been busy today and haven’t had much time to read the manual for htmlentities() on the PHP website, but I’ve used it before and tried it on this bug, and it didn’t solve anything. I’m hoping I was just using it incorrectly. One question before I read the manuals later tonight: do I use the htmlentities() function when submitting the title to the DB and then just pull that right from the DB to display it? Or vice versa? Do you guys understand what I’m asking?
Just read the flags and view the examples in the manual. It should all be clear.
But if the function exists, why re-implement it?
If you want changes to the function? You want the user to be able to write certain tags but not all (like not script tags).
Even besides that: in my opinion it’s important to know what a function exactly does, instead of only why you are using it.
Do I use the htmlentities() function when submitting the title to the DB and then just pull that right from the DB to display it? Or vice versa?
There isn’t a cut-and-dry answer for that. For example, if you apply htmlentities to the post when you save it, then it will be impossible (or, at the very least, difficult and uncertain) to make a plain text version of the content (e.g., for an RSS reader, or to provide the content in JSON format).
In general, I save content in its original format, and apply htmlentities only when I’m ready to display it.
Actually, in most situations, I use htmlspecialchars instead. But in this situation, that doesn’t have any impact on how or why it is used, and the flag options and defaults are identical.
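The store-raw, encode-on-display approach described in the posts above, as an added example that is not code from any poster in this thread. It assumes an in-memory SQLite database through PDO standing in for MySQL so it runs offline; the `threads` table, the `html()` helper and the sample title are hypothetical.

```php
<?php
// Added example: keep the title in its original form in the database and
// encode it separately for each output context.
// Assumption: SQLite in memory (PDO) stands in for the forum's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed sample title with characters that are special in SQL and in HTML.
$title = 'Tom & "Jerry\'s" <b>café</b> thread';

// SQL context: a bound parameter keeps the data out of the statement text,
// so no HTML encoding (and no manual quoting) is needed to store it safely.
$insert = $db->prepare('INSERT INTO threads (title) VALUES (:title)');
$insert->execute([':title' => $title]);

$stored = $db->query('SELECT title FROM threads WHERE id = 1')->fetchColumn();
if ($stored !== $title) {
    throw new RuntimeException('Title changed on its way through the database');
}

// HTML context: encode at the moment of output, not at save time.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo 'HTML page : <h1>', html($stored), '</h1>', PHP_EOL;

// Other consumers (JSON API, RSS, plain-text mail) get the original text,
// encoded by whatever that format requires.
echo 'JSON feed : ', json_encode(['title' => $stored], JSON_UNESCAPED_UNICODE), PHP_EOL;

// For contrast: encoding before the INSERT bakes HTML entities into the data.
$encodedAtSave = htmlentities($title, ENT_QUOTES, 'UTF-8');
echo 'JSON feed, encoded at save : ', json_encode(['title' => $encodedAtSave]), PHP_EOL;

// ...and a template that also encodes on output then double-encodes it.
echo 'HTML page, encoded twice   : <h1>', html($encodedAtSave), '</h1>', PHP_EOL;
```

Run with `php example.php`; the last two lines show the entity-laden JSON and the doubled `&amp;` sequences that result from encoding at save time.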
Hey guys, took a look at the htmlentities() function and the new flag parameter that it now accepts. Used it to my advantage and got the forum to accept all sorts of special characters. Also used the html_entity_decode() function to take the htmlentities version that I had to insert into the DB and display it as plain text as the forum title. Seems to be working. Here’s some code snippets of what makes it work..