
[SOLVED] Ok, one more....


psquillace


Hello All Again....

 

Ok, working on the same subject of php of encoding html and the author uses this one out of the blue....

 

 

$variable .= htmlspecialchars()

 

Now, there is nothing in there on this, or what this means. When do I use it?

 

I tried looking on php.net but for some reason, I never understand that site or what they say on a subject. I am sure I will get that site when I use php more..

 

thanks for any help on this and what this function is or does

 

Paul


Here is the example from the text

 

<?php
	$url_page = 'php/created/page/url.php';
	$param1 = 'This is a string';
	$param2 = '"bad"/<>character$';
	$linktext = "<Click> & You'll See";

?>
<?php
	// this gives you a clean link to use

	$url = "http://localhost/";
	// encode each path segment on its own so the slashes are kept
	$url .= implode('/', array_map('rawurlencode', explode('/', $url_page)));
	// the query string starts with ? and later parameters are joined with &
	$url .= "?param1=" . urlencode($param1);
	$url .= "&param2=" . urlencode($param2);

	// htmlspecialchars escapes any html that 
	// might do bad things to your html page
?>
<a href="<?php echo htmlspecialchars($url); ?>">
	<?php echo htmlspecialchars($linktext); ?>
</a>

 

 

and I was following it all and what he was saying until the .= came into the picture, that is where I got lost. I am assuming it means to just append it to the end of the url?


What do you mean it's not understandable from php.net?

 

'&' CONVERTED WITH htmlspecialchars() (ampersand) becomes '&amp;'

'"' CONVERTED WITH htmlspecialchars() (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.

''' (single quote) CONVERTED WITH htmlspecialchars() becomes '&#039;' only when ENT_QUOTES is set.

'<' (less than) CONVERTED WITH htmlspecialchars() becomes '&lt;'

'>' (greater than) CONVERTED WITH htmlspecialchars() becomes '&gt;'

 

 

Example#1 htmlspecialchars() example

<?php

$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);

echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;

?>

 

THE WHOLE IDEA OF htmlspecialchars() FUNCTION IS TO MAKE

 

THIS LINE DATABASE FRIENDLY

$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);

 

MEANING THIS IS NOW HTML IN A DATABASE FRIENDLY

echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;

 

now when the html is pulled from the database the whole link will be regenerated to a proper

looking link but from your database as entered as html.....

 

 

if you use and see this link you'll notice what all the converted letters are.

http://www.w3schools.com/tags/ref_entities.asp

 

and see how powerful htmlspecialchars() is for using html in a database.......
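
An added example, not part of the thread or of the book's code: it builds a link with .= the way the example above does, HTML-escapes it at the point where it is written into the page, and then prints the same string under each quote flag from the list above. The helper h() and all sample values are constructed for illustration.

```php
<?php
// Hypothetical helper: escape a string for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values.
$page     = 'search results.php';
$params   = ['q' => 'tom & "jerry"', 'tag' => "<b>it's</b>"];
$linkText = "<Click> & You'll See";

// ".=" appends to the existing string:
// "$url .= $x" is shorthand for "$url = $url . $x".
$url  = 'http://localhost/';
$url .= rawurlencode($page);
$sep  = '?';
foreach ($params as $name => $value) {
    $url .= $sep . urlencode($name) . '=' . urlencode($value);
    $sep  = '&';
}

// URL encoding makes each value safe inside the URL. htmlspecialchars()
// then makes the finished URL and the link text safe inside the HTML page,
// so the & between parameters and the < > in the text stay literal.
echo '<a href="' . h($url) . '">' . h($linkText) . "</a>\n\n";

// The quote flag decides which quote characters are converted. This matters
// when the escaped value is placed inside a single-quoted attribute.
$value = "it's \"quoted\" <here>";
$flags = [
    'ENT_NOQUOTES' => ENT_NOQUOTES,
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
];
foreach ($flags as $flagName => $flag) {
    echo str_pad($flagName, 14) . htmlspecialchars($value, $flag, 'UTF-8') . "\n";
}
```

Run it from the command line to see the raw escaped output; viewed in a browser, the entities are rendered back as the original characters.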

 
