SharkBait Posted November 28, 2006 Share Posted November 28, 2006 Curious what other people do about special characters in HTML while processing data with PHP.I've been using TinyMCE (and I'm starting to dislike it) and noticed that when I have submitted information with it via $_POST that TinyMCE actually converts things like " (quotes), ' (apostrophys) and things to their HTML equivalent.I would normally just use them as they are on the keyboard and then use things like [code=php:0]mysql_real_escape_string()[/code] to escape the apostrophys and such but this doesn't seem to happened because of what TinyMCE does.Do you escape your characters or do you convert them to their HTML entities prior to processing them from forms?I've also noticed that TinyMCE breaks my validation from time to time too. Any other better WYSIWY javascript editors out there that have a similar footprint?:) Quote Link to comment Share on other sites More sharing options...
zq29 Posted November 28, 2006 Share Posted November 28, 2006 I personally convert them to their HTML entity. Quote Link to comment Share on other sites More sharing options...
sw0o0sh Posted November 28, 2006 Share Posted November 28, 2006 When I coded my first forum, the post data from the textarea in a post was translated somewhat like this$text=nl2br(htmlspecialchars($_POST[text]));as you can see, htmlspecialchars was sufficient enough; and usually the insert query would be something like:$insert=mysql_query("INSERT INTO x (post) VALUES(\"$text\")");Or somewhere among the lines. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.