frijole Posted March 7, 2008
Both of these functions encode the HTML tags, but I don't understand what the purpose is. You encode them, and then when you use them again just decode them? I would appreciate it if someone could give me some insight into this, or maybe just an example. Thanks.

Daney11 Posted March 7, 2008
For example, if I had a form, and someone entered ">Script Error

<input name="form" type="text" value="<?php echo $name; ?>" />

my form would break and "Script Error" would be on the website. However, with

<input name="form" type="text" value="<?php echo htmlentities($name); ?>" />

the "Script Error" would still be inside the form and it wouldn't break.

frijole Posted March 7, 2008
So you encode it in that case, and then decode if you want to echo something?

Daney11 Posted March 7, 2008
You don't have to decode it, I don't think. Just trial and error it all.

frijole Posted March 7, 2008
Alright, thanks for the help.

BlueSkyIS Posted March 7, 2008
As far as I know there is no "decode_htmlentities()". The purpose of the functions is to ensure that plain text characters like greater than, less than, etc. don't screw up the form presentation when they are used in a form element. As mentioned, if you echo a less than sign in a form element, chances are good that it will screw up the form element. I think the worst are single and double quotes.

Orio Posted March 7, 2008
You don't always have to encode it. You encode it when you want to output user input. Example: this very forum. Our messages may contain HTML, but obviously we don't want the HTML we write in our messages to be interpreted as HTML; we simply want others to see exactly what's written. So if I write </html>, our browsers won't think it's part of the HTML code, because SMF uses htmlentities() on the posts (check the source if you want to, you'll see &lt; and &gt;).

Orio

frijole Posted March 7, 2008
So why does </html> come out that way when it is encoded? htmlentities() changes the string, so when does it get changed back into its original form?

Orio Posted March 7, 2008
Because the browsers know that if they encounter a &lt; they need to output "<" (or maybe ">", I don't remember). It's part of the standard in HTML4: http://www.w3.org/TR/html401/sgml/entities.html

Orio.

frijole Posted March 7, 2008
Ok, thanks a lot for clarifying that. That was precisely what I was confused about.
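
The behaviour discussed in this thread, as an added example that is not part of any post: it renders Daney11's form field with and without htmlentities(), then parses the markup with PHP's DOMDocument (standing in for the browser) to show that the encoded value comes back unchanged with no explicit decode step. The helper names render_input() and parsed_value() and the second sample string are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. render_input() and parsed_value()
// are hypothetical helper names.

// Build the form field from the thread, with or without output encoding.
function render_input(string $name, bool $encode): string
{
    // ENT_QUOTES also encodes single quotes; before PHP 8.1 the default
    // flags (ENT_COMPAT) left them untouched.
    $value = $encode
        ? htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : $name;
    return '<input name="form" type="text" value="' . $value . '" />';
}

// Parse the markup the way a browser would and return what it takes the
// value attribute to be (needs the DOM extension, enabled by default).
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // malformed input is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

// Constructed sample inputs: the string from the thread, then one with
// both quote types, angle brackets and an ampersand.
$samples = ['">Script Error', 'Tom\'s "quoted" <b>text</b> & more'];

foreach ($samples as $name) {
    foreach ([false, true] as $encode) {
        $html   = render_input($name, $encode);
        $parsed = parsed_value($html);
        printf(
            "%s\n  markup : %s\n  parsed : %s\n  intact : %s\n\n",
            $encode ? 'htmlentities()' : 'raw echo',
            $html,
            var_export($parsed, true),
            $parsed === $name ? 'yes' : 'NO'
        );
    }
}
```

The encoding is applied once, at the point of output; the stored value stays as the user typed it, and the entity-to-character step happens in the HTML parser.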