[SOLVED] htmlspecialchars

[phpretard]

I would like to insert "htmlspecialchars" into my DB when a user puts in single or double quotes.

 

I can't make it work in testing...(darn it)

 

So if:

 

$insert="Randal's Appraisals, LLC";

 

I would like to INSERT ->Randal's Appraisals, LLC

 

OR " = "

 

I have been all over and here I am am again...

 

Any help?

 

NONE OF THESE WORK:

$CompanyName="Randal's Appraisals, LLC";  
  
$CompanyName2="Randal's Appraisals, LLC";

$Com=htmlentities($CompanyName, ENT_QUOTES);

$Com2=htmlspecialchars_decode($CompanyName2, ENT_QUOTES);

echo $Com; 

echo "<br><br>";


echo $Com2;

 

 

[genericnumber1]

when you echo something from htmlentities() it will show up in the browser looking like it didn't work because the browser is changing the entities to the correct values. View the source and see if it really changed them. (htmlentities() with ENT_QUOTES is the proper way to do it).

[phpretard]

Good Call!

 

How can I apply this the the From line in an email?

 

It stops at the single quote.

[genericnumber1]

What are you trying to put in for the From: header?

Randal's Appraisals, LLC <[email protected]>

? something like that?

[phpretard]

No I am using PHP Mailer and the line is:

 

$CompanyName="Randal&#039;s Appraisals, LLC";

 

$mail->FromName  = "$CompanyName";

 

 

 

In the email Sent it now doesn't stop at "Randal" (Thank you)

 

The From Line Reads " Randal\'s Appraisals, LLC " (In The Email)

[phpretard]

Correction

 

The DB field holds: Randal&#039;sAppraisals, LLC

 

The from Line Reads: "Randal\\" (In the email)

[genericnumber1]

As far as email headers go, I'm no expert, but I suppose you're trying to use a character that is not allowed. You WILL need to use the form

[email protected]

or

name <[email protected]>

for the from headers or the email will likely not get by 99% of email filters.

 

EDIT: just read the standards, seems like any 1-127 of the ascii set of characters is fine... I have no idea then

http://www.faqs.org/rfcs/rfc2822

[xoligy]

when you echo something from htmlentities() it will show up in the browser looking like it didn't work because the browser is changing the entities to the correct values. View the source and see if it really changed them. (htmlentities() with ENT_QUOTES is the proper way to do it).

 

this is my db

168  	1  	asdsad  	Admin  	< blah >  	2008-09-15 05:19:11  	05:19:00

 

the page

<TR><TD width="100%"><p><b style="font-size: 16px;">asdsad</b></TD>
<TR><TD style="font-size: 10px;">Posted by: <b><a href="stats.php?id=1">Admin</a> at 05:19 AM <a href="comments.php?id=168">Comments|0</a></font></b></TD>
<TR><TD><div class="content-box"><p>< blah ></div></TD>

 

i managed to do it somehow :-/

[xoligy]

with the &quot u wanted lol

 

169  	1  	asdasdsa  	Admin  	test 'test' and "test"  	2008-09-15 05:24:42  	05:24:00

 

<TH align=left style="padding-left: 5px; font-size: 12px;">September 15th, 2008</TH>
<TR><TD width="100%"><p><b style="font-size: 16px;">asdasdsa</b></TD>
<TR><TD style="font-size: 10px;">Posted by: <b><a href="stats.php?id=1">Admin</a> at 05:24 AM <a href="comments.php?id=169">Comments|0</a></font></b></TD>
<TR><TD><div class="content-box"><p>test 'test' and "test"</div></TD>

[genericnumber1]

did you post in the wrong thread xoligy  ???