htmlentities - entities automatically decode after POST?

[rocksfrow]

Hi,

 

I just built a mailing application that passes the content of the mailing (a full html page) via POST a couple times before mailing.

 

I noticed as I was building it that the entities that were encoded by htmlentities() were automatically decoded once I was handling them after POST. I'm simply verifying that this is STANDARD. Basically just making sure that I don't need to html_entity_decode() before sending the mailing because it's automatically done after POST. I have it setup this way currently and it's working perfect, just looking for a solid explanation to make sure one day somebody doesn't send a mailing out with a bunch of encoded entities in it!

 

Thanks much!

 

[rocksfrow]

Let me give more information so I get a better response.

 

1. First step get email content using: $content = file_get_contents(url);

2. htmlentities($content); inserted into a hidden input element

3. Another confirmation that puts the same content into another hidden element, but the entities are being decoded automatically after posting so i use: htmlentities(stripslashes($_POST['content']));

4. Send the mailing, doing nothing to content except stripslashes();

 

Would you say this is safe/accurate?

 

Thanks much for your help.

[rocksfrow]

Anybody?

[PFMaBiSmAd]

I seem to recall that forms do convert htmlentites back to their actual characters. This either happens when the form is rendered or when the data is submitted (you could do a "view source" in your browser to determine which one.)