htmlspecialschars() error


knight47

I don't really understand what this means, the code's working fine, but it just outputs this error.

[URL=http://www.knight47.com/link_sharer]test it out here[/URL]

[code=php:0]$raw_url = $_POST['url'];
$disc = $_POST['disc'];
$clean_url = htmlspecialchars("$raw_url", ENT_QUOTE); // cleans out the url field, to make sure no malaciose code gets through
$clean_disc = htmlspecialchars("$disc", ENT_QUOTES); // cleans out the description field, to make sure no malaciose code gets through[/code]

Am I not supposed to use variables in htmlspecialchars()?

thanks.
[quote author=jesirose link=topic=123394.msg509921#msg509921 date=1169406212]
Well for one, you don't need to surround your vars in "".
Try
$clean_url = htmlspecialchars($raw_url, ENT_QUOTES);

I think you need to add the S on the end of ENT_QUOTE in the first one?
[/quote]I completely removed the , ENT_QUOTES part from both variables, as well as the "s, and it seemed to work perfectly. Do you think I should keep that part (, ENT_QUOTES)? Or does it not matter? What does it do anyways?

thanks jesirose
Well if you look it up in the manual it says the default is ENT_COMPACT. If you look here: http://us2.php.net/manual/en/function.htmlentities.php

It tells you what each of the options does. Those are the same ones for specialchars.
I think htmlentities might be what you want to use instead.
[quote author=jesirose link=topic=123394.msg509923#msg509923 date=1169406624]
Well if you look it up in the manual it says the default is ENT_COMPACT. If you look here: http://us2.php.net/manual/en/function.htmlentities.php

It tells you what each of the options does. Those are the same ones for specialchars.
I think htmlentities might be what you want to use instead.
[/quote]OK, I've switched to [code=php:0]htmlentities($var, ENT_NOQUOTES)[/code], but it's still converting single and double quotes. Shouldn't it leave them alone?
[quote author=jesirose link=topic=123394.msg509948#msg509948 date=1169411510]
That's what it says. Can you post what you're sending it and what it puts out? (haha puts out. No seriously.)
[/quote]I'm sending in 2 fields, a URL, and a description ([url=http://www.knight47.com/link_sharer]link[/url])

The code is:
[code=php:0]$raw_url = $_POST['url'];
$disc = $_POST['disc'];
$clean_url = htmlentities($raw_url, ENT_NOQUOTES); // cleans out the url field, to make sure no malaciose code gets through
$clean_disc = htmlentities($disc, ENT_NOQUOTES); // cleans out the description field, to make sure no malaciose code gets through

$url = "<center><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"6\"><a href=\"$clean_url\" target=\"_blank\">$raw_url</a></FONT><br /><br /><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"4\"><b>Link Description:</b></FONT><br /><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\">$clean_disc</FONT></center>";
$no_disc = "<center><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"6\"><a href=\"$clean_url\" target=\"_blank\">$raw_url</a></FONT>";[/code] (that's just a snippet of it)

[quote author=jesirose link=topic=123394.msg510001#msg510001 date=1169416563]
It looks like it's working fine to me, I tested it on your site and it worked.
PS: Malicious, not maliciose.
[/quote]yea it's working fine, but it's converting " into \" and ' into \"

and I'm a bad speller, thanks :)
[quote author=jesirose link=topic=123394.msg510024#msg510024 date=1169418383]
oh that's because you probably have magic_quotes_gpc turned on. Run stripslashes() on the variables before outputting them.
[/quote]Yay! stripslashes() did it, thank you very much jesirose, I really appreciate it.  :)
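
An added example (not code from any poster in this thread) showing what the quote flags discussed above do to one string, and one way to encode the link sharer's two fields for the places they are printed. `render_link()` and `allowed_url()` are hypothetical helpers, the sample values are constructed, and PHP 7 or later is assumed, so `addslashes()` stands in for what magic_quotes_gpc did to `$_POST`.

```php
<?php
// Added example; render_link() and allowed_url() are hypothetical helpers.

// Accept only absolute http/https URLs, so the href cannot carry another scheme.
function allowed_url(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
}

// Build the link markup, escaping every user value for its output context.
function render_link(string $url, string $desc, bool $magicQuoted = false): string
{
    if ($magicQuoted) {           // undo magic_quotes_gpc escaping before encoding
        $url  = stripslashes($url);
        $desc = stripslashes($desc);
    }
    if (!allowed_url($url)) {
        return '<p>Invalid URL.</p>';
    }
    // ENT_QUOTES encodes both " and ', which a quoted attribute value requires.
    $safeUrl  = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $safeDesc = htmlspecialchars($desc, ENT_QUOTES, 'UTF-8');
    // The visible link text is escaped too, not only the href.
    return "<a href=\"$safeUrl\" target=\"_blank\" rel=\"noopener\">$safeUrl</a><br />$safeDesc";
}

// Constructed sample input containing both quote characters.
$url  = 'http://example.com/?q="a"&r=\'b\'';
$desc = 'It\'s a "test" <b>link</b>';

// The same string under each flag:
echo htmlspecialchars($desc, ENT_NOQUOTES, 'UTF-8'), "\n"; // neither quote encoded
echo htmlspecialchars($desc, ENT_COMPAT, 'UTF-8'), "\n";   // only " encoded
echo htmlspecialchars($desc, ENT_QUOTES, 'UTF-8'), "\n";   // " and ' encoded

// addslashes() simulates magic-quoted $_POST values (constructed input).
echo render_link(addslashes($url), addslashes($desc), true), "\n";
```

With ENT_NOQUOTES a `"` in the URL would end the `href` attribute early, which is why the attribute value is encoded with ENT_QUOTES here.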

Archived

This topic is now archived and is closed to further replies.
