htmlspecialchars() error


knight47

I don't really understand what this means, the code's working fine, but it just outputs this error.

[URL=http://www.knight47.com/link_sharer]test it out here[/URL]

[code=php:0]$raw_url = $_POST['url'];
$disc = $_POST['disc'];
$clean_url = htmlspecialchars("$raw_url", ENT_QUOTE); // cleans out the url field, to make sure no malaciose code gets through
$clean_disc = htmlspecialchars("$disc", ENT_QUOTES); // cleans out the description field, to make sure no malaciose code gets through[/code]

am I not supposed to use variables in htmlspecialchars() ?

thanks.

[quote author=jesirose link=topic=123394.msg509921#msg509921 date=1169406212]
Well for one, you don't need to surround your vars in "".
Try
$clean_url = htmlspecialchars($raw_url, ENT_QUOTES);

I think you need to add the S on the end of ENT_QUOTE in the first one?
[/quote]
I completely removed the , ENT_QUOTES part from both variables, as well as the "s, and it seemed to work perfectly. Do you think I should keep that part (, ENT_QUOTES)? Or does it not matter? What does it do anyways?

thanks jesirose

Well if you look it up in the manual it says the default is ENT_COMPACT. If you look here: http://us2.php.net/manual/en/function.htmlentities.php

It tells you what each of the options does. Those are the same ones for specialchars.
I think htmlentities might be what you want to use instead.

[quote author=jesirose link=topic=123394.msg509923#msg509923 date=1169406624]
Well if you look it up in the manual it says the default is ENT_COMPACT. If you look here: http://us2.php.net/manual/en/function.htmlentities.php

It tells you what each of the options does. Those are the same ones for specialchars.
I think htmlentities might be what you want to use instead.
[/quote]
OK, I've switched to [code=php:0]htmlentities($var, ENT_NOQUOTES)[/code], but it's still converting single and double quotes. Shouldn't it leave them alone?

[quote author=jesirose link=topic=123394.msg509948#msg509948 date=1169411510]
That's what it says. Can you post what you're sending it and what it puts out? (haha puts out. No seriously.)
[/quote]
I'm sending in 2 fields, a URL, and a description ([url=http://www.knight47.com/link_sharer]link[/url])

The code is:
[code=php:0]$raw_url = $_POST['url'];
$disc = $_POST['disc'];
$clean_url = htmlentities($raw_url, ENT_NOQUOTES); // cleans out the url field, to make sure no malaciose code gets through
$clean_disc = htmlentities($disc, ENT_NOQUOTES); // cleans out the description field, to make sure no malaciose code gets through

$url = "<center><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"6\"><a href=\"$clean_url\" target=\"_blank\">$raw_url</a></FONT><br /><br /><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"4\"><b>Link Description:</b></FONT><br /><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\">$clean_disc</FONT></center>";
$no_disc = "<center><FONT FACE=\"sans-serif, Arial, Helvetica, Geneva\" SIZE=\"6\"><a href=\"$clean_url\" target=\"_blank\">$raw_url</a></FONT>";[/code] (that's just a snippet of it)


[quote author=jesirose link=topic=123394.msg510001#msg510001 date=1169416563]
It looks like it's working fine to me, I tested it on your site and it worked.
PS: Malicious, not maliciose.
[/quote]
yea it's working fine, but it's converting " into \" and ' into \"

and I'm a bad speller, thanks :)

[quote author=jesirose link=topic=123394.msg510024#msg510024 date=1169418383]
oh that's because you probably have magic_quotes_gpc turned on. Run stripslashes() on the variables before outputting them.
[/quote]
Yay! stripslashes() did it, thank you very much jesirose, I really appreciate it. :)
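
Added example (not part of the thread or any poster's code): a PHP sketch of why the backslashes appeared and how the quote flags differ, followed by a version of the link markup that escapes both the href attribute and the visible text. The function names `show_flags` and `render_link`, the sample input, and the http/https-only rule are assumptions made for illustration.

```php
<?php
// Constructed sample input; function names are hypothetical, not from the thread.
$description = 'Tom\'s "best" <b>link</b>';

// magic_quotes_gpc (removed in PHP 5.4) applied the equivalent of addslashes()
// to every $_POST value, so this models what the script in the thread received.
$as_received = addslashes($description);

// Escape one value with each quote flag so the results can be compared.
function show_flags(string $value): array
{
    return [
        'ENT_NOQUOTES' => htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8'),
        'ENT_COMPAT'   => htmlspecialchars($value, ENT_COMPAT, 'UTF-8'),
        'ENT_QUOTES'   => htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
    ];
}

// Build the link with escaping for both places the URL is used:
// inside the double-quoted href attribute and as the visible link text.
function render_link(string $url, string $description): string
{
    // Assumption for this example: only http and https links are accepted.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '#';
    }
    $safe_url  = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $safe_desc = htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
    return "<a href=\"$safe_url\" target=\"_blank\">$safe_url</a><br />$safe_desc";
}

// The added backslashes are not HTML special characters, so no flag removes them.
print_r(show_flags($as_received));

// Undo the slashes first, then escape at output time.
print_r(show_flags(stripslashes($as_received)));

echo render_link('http://example.com/?q="x"&y=1', stripslashes($as_received)), "\n";
```

Escaping is applied once, at the point of output, and the unescaped `$raw_url` is never interpolated into the markup.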