I hava a problem with some functions

[eom12]

hi i new in this forum, i started to learn php and i hava some problems with some functions:

 

mysql_num_rows

mysql_fetch_assoc

mysql_fetch_array

ereg_replace

strip_tags

htmlspecialchars

strlen

 

I read this functions in php.net but i still dont understant what thay doing, please explain this functions with a simple code

thanks and good day

[Christian F.]

First off all, the only function on that list that you should be using, is the last one.

The first four are deprecated, and as such will be removed some time in the future. For the mysql_* () line of functions, you'll want to look at the MySQLi library instead. (In the PHP manual.) ereg_replace () is replaced by preg_replace ().

The fifth is just not a good idea, as noted in the PHP manual itself with the reason.

 

htmlspecialchars () can't really be explained any simpler than what it is in the PHP manual. It's a so-called output escaping function, which ensures that the content will be treated as pure text by the browser and not as part of the HTML code. In case of any characters with a syntactical meaning within HTML is located in the string.

 

If you don't understand what the functions does, create a test script and play around with them yourself. Preferably starting with the code found in the PHP manual.

[requinix]

There is one case when you should use htmlspecialchars(): in XML. htmlentities() will create strings that are invalid for XML without you jumping through hoops. Meanwhile htmlspecialchars() will escape exactly the right characters that should be escaped.

[DavidAM]

@ChristianF

First off all, the only function on that list that you should be using, is the last one.

...

The fifth is just not a good idea, as noted in the PHP manual itself with the reason.

 

1) Where does the manual say that strip_tags is "not a good idea"? I see warnings about using it with broken HTML, but nothing else.

 

2) What is wrong with htmlspecialchars? I find it a minimalistic function suitable for "escaping" user input when it will be displayed. I prefer it over htmlentities since the latter does more work (which means it takes longer) and the extra changes are not necessary (for my purposes).

 

3) I'm surprised you let him have strlen. After all, isn't the push now toward UTF-8, a multi-byte character set, which requires mb_strlen?

 

[Christian F.]

Seems like there's some confusion here...

 

1) I'm referencing those warnings, and other sources on the subject. strip_tags () can have unexpected results, and thus is not a good idea to use. (Not to mention you should probably be validating/escaping your data instead.)

 

2) I have said nothing negative about htmlspecialchars (). In fact, I recommended its use.

 

3) That was added after I had posted. If not, I would have recommended the use of mb_strlen () as well.

[tibberous]

and as such will be removed some time in the future

 

2042 maybe. Removing mysql_* would probably break +90% of the production code in existence.

 

And, OP, how can you possible not understand strlen? It returns the number of letters in a word.

 

hello has 5 letters, so strlen("hello"); would be 5.

 

The PHP docs have really good example code generally.

[requinix]

2042 maybe. Removing mysql_* would probably break +90% of the production code in existence.

Just like how they'll never remove magic_quotes or register_globals because doing so would break a lot of code too.

 

Oh wait.

 

And, OP, how can you possible not understand strlen? It returns the number of letters in a word.

Number of bytes. That big difference there is what confuses people the most.