[nycphp-talk] HTML entities in posted variables problem
DeWitt, Michael
mjdewitt at alexcommgrp.com
Wed Mar 17 10:43:36 EST 2004
Chris,
Thank you very much. urlencode/urldecode works. It never occured to me to
use this technique with the POST method, but it works and solves this issue
of getting back exactly what you preset a form variable to be.
Interestingly, htmlentities doesn't seem to work for me as
htmlentities($a) is not equal to htmlentities($_post['q1'])
It seems like it should work (as all characters with entity equivalents
should be translated), but it doesn't for me even exploring the various
quoting options of this function.
My issue is that I have no idea of what people are going to put into the $a
string. It may contain entities or not. All I need to know is if I got
back the exact same string after posting which is where I ran into this
issue.
On a side note,It also seems to me that the "text" form elements are going
to present special issues like the one mentioned by Rahmin since you are not
dealing with preset values.
Thanks again for your help.
Mike
> -----Original Message-----
> From: Chris Bielanski [SMTP:Cbielanski at inta.org]
> Sent: Wednesday, March 17, 2004 9:58 AM
> To: 'NYPHP Talk'
> Subject: RE: [nycphp-talk] HTML entities in posted variables problem
>
> Check the manual for the htmlspecialchars(), urlencode() and urldecode()
> functions. Unless I'm missing the point, these functions should make it
> fairly simple for you to convert the entities or encoding in the request
> vars back into plaintext. If that's not helpful, Read The Fine Manual
> about
> string data, and the differences in single- and double-quoted string
> contructs, particularly where it concerns using the backslash character to
> escape other characters within a string.
>
> HTH
> ~Chris
>
> > -----Original Message-----
> > From: DeWitt, Michael [mailto:mjdewitt at alexcommgrp.com]
> > Sent: Wednesday, March 17, 2004 9:43 AM
> > To: 'NYPHP Talk'
> > Subject: [nycphp-talk] HTML entities in posted variables problem
> >
> >
> > Does anyone have a good idea of the best way to handle HTML
> > entities in post
> > variables? It seems that the entity will be converted to a rendered
> > character when the page returns making checks of the string
> > used to set the
> > value against the returned (posted) value will fail.
> >
> > For example
> >
> > // ’ is the close quote
> >
> > $a='Yes, It’s true';
> >
> > echo '<input type="radio" name="q1" value="'.$a.'">'.$a;
> >
> > .
> > .
> > .
> >
> > if ($a==$_post['q1']) {
> > echo 'A miracle happened';
> >
> > }
> >
> > Checking $_post['q1'], I find it is equal to "Yes it's true"
> > I have played around with other entities and it doesn't seem
> > to be an issue
> > with just quotes.
> >
> > Does anyone have an idea of why this is happening and,
> > perhaps, the best way
> > to handle this?
> >
> > I believe a similar question was posted back on the 2nd by
> > Rahmin, but I
> > couldn't find any responses.
> >
> > Mike
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list