fortnox007 Posted September 9, 2010

Hi all, I was just trying to test out what the effect is of htmlentities() and htmlspecialchars() with and without ENT_QUOTES, but it looks like it's not working as expected. I made a small script to compare the two. The only thing that happens is that the JavaScript isn't executed, but I thought it would convert special characters into even more special ones. I am running on XAMPP, by the way, if that helps.

    <?php
    $plain_input = "I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>";

    // htmlentities(), default flags and with ENT_QUOTES
    $plain_input2 = htmlentities($plain_input);
    $plain_input2_ent = htmlentities($plain_input, ENT_QUOTES);
    echo '<b>htmlentities: </b>'.$plain_input2.'<br />';
    echo '<b>htmlentities + entquotes: </b>'.$plain_input2_ent.'<br />';
    echo '<hr /><br />';

    // htmlspecialchars(), default flags and with ENT_QUOTES
    $plain_input3 = htmlspecialchars($plain_input);
    $plain_input3_ent = htmlspecialchars($plain_input, ENT_QUOTES);
    echo '<b>htmlspecialchars:</b> '.$plain_input3.'<br />';
    echo '<b>htmlspecialchars + entquotes:</b> '.$plain_input3_ent.'<br />';
    echo '<hr /><br />';

This just outputs:

    htmlentities: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>
    htmlentities + entquotes: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>
    htmlspecialchars: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>
    htmlspecialchars + entquotes: I am going to hax0r your site, hahaha! <script type='text/javascript'> window.location = 'http://www.google.com/' </script>

Vince889 Posted September 9, 2010

If I recall correctly, ENT_QUOTES doesn't do anything besides tell the function how to handle double or single quotes [and decide whether or not to convert them]. If you're looking for some kind of special feature, then I don't believe this is what you're looking for.

fortnox007 Posted September 9, 2010

No, I mean the output should look totally different. As far as I read from the manual, this:

    $new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);

should output:

    echo $new; // <a href='test'>Test</a>

See all the weird characters. That's not happening, even without the entquotes : ) If anyone knows, I would love to hear.

Vince889 Posted September 9, 2010

Again, I am not really sure about what you're looking for. When I parse that string, it comes out as <a href='test'>Test</a>

[just btw, PHPFreak's messageboard is adding its own stuff to our posts. For example, the extra "'"]

fortnox007 Posted September 10, 2010

Exactly!! And it doesn't at my place. That's why I was asking: does anyone have a clue what may cause this? I haven't got a clue. I am using XAMPP.

-edit: OK, so in a nutshell: I want to use those functions just to see what they do. I am running on a local server (XAMPP) and it's not outputting as it should. The PHP file is correct (I think), so it should be something else causing the function not to work. Does anyone know how to solve this?

Vince889 Posted September 10, 2010

....Your setup is fine, that is the messageboard putting those extra characters in.

fortnox007 Posted September 10, 2010

OK, I am gonna retry to explain myself: the script I wrote doesn't work as expected on my local server. So in other words, it doesn't work when I open it in my browser (so this site has nothing to do with any of this). So in even other words, I am working with NetBeans, and when I want to run the file locally, i.e. http://localhost/practice.php, it doesn't give the output I expect but shows the stuff I wrote in post #1. Just to make myself even more clear: all other functions seem to work, as far as I know. Does anyone know what to do? :'( :'(

DavidAM Posted September 10, 2010

These functions convert certain characters into html entities so that the browser can DISPLAY them instead of executing them. If you are sending the results to a browser, you will "SEE" the same thing that you started with. If you look at the page source (View Source in your browser) you should see the "special characters". If you sent those strings without the htmlentities(), the browser would execute that script instead of displaying it.
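
The behaviour DavidAM describes, as an added example that is not part of the original thread: for each call it prints the markup actually sent (what View Source shows) beside the text a browser would render from it. The "café" prefix and the explicit ENT_COMPAT flag are additions; ENT_COMPAT was the default flag when this thread was written, and PHP 8.1 changed the default to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

```php
<?php
// Added example (not from the thread). Run from the CLI so the output is the raw
// "page source" and no browser re-interprets it. Needs PHP 7.0+ for the \u{e9} escape.

// Input from the first post, prefixed with a constructed non-ASCII word ("café")
// so the difference between the two functions becomes visible.
$input = "caf\u{e9} <script type='text/javascript'> window.location = 'http://www.google.com/' </script>";

// ENT_COMPAT escapes double quotes only; ENT_QUOTES escapes single quotes as well.
$variants = [
    'htmlspecialchars + ENT_COMPAT' => htmlspecialchars($input, ENT_COMPAT, 'UTF-8'),
    'htmlspecialchars + ENT_QUOTES' => htmlspecialchars($input, ENT_QUOTES, 'UTF-8'),
    'htmlentities + ENT_COMPAT'     => htmlentities($input, ENT_COMPAT, 'UTF-8'),
    'htmlentities + ENT_QUOTES'     => htmlentities($input, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $label => $escaped) {
    // What the server sends: this is what "View Source" shows.
    echo $label, "\n  source:   ", $escaped, "\n";

    // What the browser displays: it decodes the entities back into plain characters,
    // which is why the rendered page looks identical to the input.
    $rendered = html_entity_decode($escaped, ENT_QUOTES, 'UTF-8');
    echo '  rendered: ', $rendered, "\n";
    echo '  rendered text equals input: ', $rendered === $input ? 'yes' : 'no', "\n";

    // Characters that would still be live markup if they survived escaping.
    printf("  raw '<' left: %s, raw single quote left: %s\n\n",
        strpos($escaped, '<') !== false ? 'yes' : 'no',
        strpos($escaped, "'") !== false ? 'yes' : 'no');
}
```

A surviving single quote matters when the escaped value is written inside a single-quoted HTML attribute, which is the case ENT_QUOTES covers.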

fortnox007 Posted September 10, 2010

Ah, at last! I think I understand what you mean. You only see those characters in the source ("view source"), lols. The manual of php.net just says:

    $new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
    echo $new; // <a href=&#039;test&#039;>Test</a>

But the manual maybe should have said it shows it in the source and not in the window. Lols, I was on the brink of throwing my computer out of the window.

DavidAM Posted September 10, 2010

Open the window first. No sense in ruining a perfectly good window.

fortnox007 Posted September 10, 2010

I'll keep that in mind for next time : )