[nycphp-talk] How not to save HTML entities to the DB when using htmlentities()?
Michael B Allen
mba2000 at ioplex.com
Sun May 27 20:49:18 EDT 2007
On Sun, 27 May 2007 18:14:15 -0400
Chris Shiflett <shiflett at php.net> wrote:
> Michael B Allen wrote:
> > I am using htmlentities($text, ENT_COMPAT, 'UTF-8'); to escape text
> > from the db to be displayed in form fields. This works fine but when
> > the text is saved in the database the entities are saved with it.
> >
> > For example, if the text in the db is 'Mike & Ike', the form field
> > looks like:
> >
> > <input type='text' name='foo' value='Mike &amp; Ike'/>
> >
> > This is displayed correctly but when I submit this to the server it
> > is saved to the database as 'Mike &amp; Ike'.
>
> This is only true if you escape it again.
>
> Since there is no abomination like magic_quotes_gpc for HTML escaping,
> it means you're doing this double escaping yourself, so the problem
> should be easy to track down.
>
> Hope that helps.
Indeed. I was escaping again in my form field formatting code.
Thanks,
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
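
The double escaping discussed in this thread, reproduced as an added example (not code from either poster): the function names and the simulated browser step are hypothetical, and `ENT_QUOTES` is an assumption that replaces the thread's `ENT_COMPAT`, because the field uses a single-quoted attribute and `ENT_COMPAT` leaves `'` unescaped.

```php
<?php
// Added example, not from the thread. All function names are hypothetical.

// Escape exactly once, at the point of output. The database keeps raw text.
function render_field(string $name, string $raw): string
{
    $n = htmlentities($name, ENT_QUOTES, 'UTF-8');
    $v = htmlentities($raw, ENT_QUOTES, 'UTF-8');
    return "<input type='text' name='$n' value='$v'/>";
}

// The bug from the thread: the caller escapes the value, then the field
// formatting code escapes it a second time.
function render_field_double(string $name, string $raw): string
{
    $already = htmlentities($raw, ENT_QUOTES, 'UTF-8');
    return render_field($name, $already);
}

// Stand-in for the browser: it decodes entities once while parsing the
// attribute and submits the decoded value.
function simulate_submit(string $html): string
{
    preg_match("/value='([^']*)'/", $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$stored = 'Mike & Ike'; // constructed sample value, same text as in the thread

foreach (['render_field', 'render_field_double'] as $fn) {
    $html   = $fn('foo', $stored);
    $posted = simulate_submit($html);
    printf("%-20s html: %s\n", $fn, $html);
    printf("%-20s POST: %s (%s)\n\n", $fn, $posted,
        $posted === $stored ? 'round-trips' : 'entities would be saved');
}
```

Comparing the submitted value with the stored one in this way is a quick check for locating a second escaping call in a rendering path.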