rocksfrow Posted November 24, 2008 Share Posted November 24, 2008 Hi, I just built a mailing application that passes the content of the mailing (a full html page) via POST a couple times before mailing. I noticed as I was building it that the entities that were encoded by htmlentities() were automatically decoded once I was handling them after POST. I'm simply verifying that this is STANDARD. Basically just making sure that I don't need to html_entity_decode() before sending the mailing because it's automatically done after POST. I have it setup this way currently and it's working perfect, just looking for a solid explanation to make sure one day somebody doesn't send a mailing out with a bunch of encoded entities in it! Thanks much! Quote Link to comment Share on other sites More sharing options...
rocksfrow Posted November 24, 2008 Author Share Posted November 24, 2008 Let me give more information so I get a better response. 1. First step get email content using: $content = file_get_contents(url); 2. htmlentities($content); inserted into a hidden input element 3. Another confirmation that puts the same content into another hidden element, but the entities are being decoded automatically after posting so i use: htmlentities(stripslashes($_POST['content'])); 4. Send the mailing, doing nothing to content except stripslashes(); Would you say this is safe/accurate? Thanks much for your help. Quote Link to comment Share on other sites More sharing options...
rocksfrow Posted November 24, 2008 Author Share Posted November 24, 2008 Anybody? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted November 24, 2008 Share Posted November 24, 2008 I seem to recall that forms do convert htmlentites back to their actual characters. This either happens when the form is rendered or when the data is submitted (you could do a "view source" in your browser to determine which one.) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.