jackpf, posted March 17, 2009

Hi all,

Have a bit of a problem with my bbcode style function for my forum...

Currently, admins/mods can post html etc, and users cannot; I use htmlspecialchars(). I use bbcode to allow people to post code, and the code is highlighted, much like this forum.

Now, the function that parses the extracted code puts it into htmlspecialchars(), which is fine for admins/mods, but since users have their posts being passed through htmlspecialchars() twice, it displays incorrectly, with special characters that shouldn't be there.

Thus, my question is, is there a way of checking if htmlspecialchars() has already been run on a string? Maybe by some kind of regex or something...?

Thanks for any help,
Jack.

rhodesa, posted March 17, 2009

not really...if you think about it, htmlspecialchars() converts & to &amp; for example...but what's to say the person didn't just type that in themselves?

i guess you could write a regex that searches for the stuff it converts (list is in the link), and if it finds an & for instance...and it's not followed by amp; do htmlspecialchars() again.

http://us2.php.net/htmlspecialchars

the best thing (in my opinion) is to not mess with the text until it's time to display. so don't do htmlspecialchars() on user's text...since you are already doing it when you display it

jackpf, posted March 17, 2009

Yeah...that's not a bad idea. Not really sure how to do it though...

And well the problem with that is that depending on what user level you are, you might not have htmlspecialchars() run on your posts, but the same function is run to highlight code for all user levels.

So for example, if I remove the htmlspecialchars() from the function, it'll work fine for users who have already had their post converted, but for admins, it'll display as actual html, since their posts are not run through htmlspecialchars(), which is not what it's supposed to do...

rhodesa, posted March 17, 2009

but my suggestion is to not run it on the text being posted...
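
An added example, not code from the thread or its participants, of the approach suggested above: store the post unescaped and escape each piece exactly once at display time, so the code-block handler behaves the same for every user level. The function name `render_post`, the `$allowHtml` flag and the `[code]...[/code]` tag syntax are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. render_post(), $allowHtml and the
// [code]...[/code] tag syntax are assumptions made for illustration.

function render_post(string $raw, bool $allowHtml): string
{
    // $raw is the post exactly as submitted: nothing was escaped before storage.
    // With PREG_SPLIT_DELIM_CAPTURE, odd indexes hold the captured code bodies.
    $parts = preg_split('#\[code\](.*?)\[/code\]#s', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Code is escaped exactly once, whatever the poster's level.
            $html .= '<pre><code>' . htmlspecialchars($part, ENT_QUOTES, 'UTF-8') . '</code></pre>';
        } elseif ($allowHtml) {
            // Admin/mod text outside code blocks: HTML passes through, as on the forum described.
            $html .= $part;
        } else {
            // Regular user text outside code blocks: escaped exactly once.
            $html .= nl2br(htmlspecialchars($part, ENT_QUOTES, 'UTF-8'));
        }
    }
    return $html;
}

// Constructed sample post.
$post = 'See <b>this</b>: [code]if ($a < $b && $c) { echo "<br>"; }[/code]';

echo render_post($post, false), "\n"; // user: everything escaped once
echo render_post($post, true), "\n";  // admin: only the code body is escaped

// Why "has it already been escaped?" cannot be answered from the string alone:
// the double_encode flag leaves existing entities untouched, so a literal
// "&amp;" that someone typed on purpose is treated as if it were already encoded.
echo htmlspecialchars('R&amp;D < R&D', ENT_QUOTES, 'UTF-8', false), "\n";
```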
This topic is now archived and is closed to further replies.