[nycphp-talk] Textarea formatting
Chris Shiflett
shiflett at php.net
Fri Oct 27 10:27:37 EDT 2006
AbraCadab Ra wrote:
> before inserting into the database I encode the data using the
> htmlspecialchars() function.
>
> $encReq = htmlspecialchars($req, ENT_QUOTES);
>
> when I'm displaying it back to the user I had to use the
> following function to convert it back into HTML.
Sounds like you're trying to write this:

http://php.net/html_entity_decode

When you think you need to remove the escaping from something, you're
almost always doing something wrong.

Escaping preserves data in another context, so if you ever need to
remove it, it's a good indication that either you didn't need it in the
first place, or you've chosen the wrong escaping function for a
particular context (e.g., htmlspecialchars() for an SQL query).

Hope that helps.

Chris
--
Chris Shiflett
http://shiflett.org/
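
Added example, not part of the original message and not written by either poster: the textarea value is stored raw through a bound parameter (SQL context) and passed through htmlspecialchars() only when it is written into HTML, next to the escape-before-insert pattern from the question. The table name, the h() helper, the sample input and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Constructed sample input: what a user might type into the textarea.
$req = "Tom & Jerry's <b>plan</b>\nsecond line";

// Assumption: an in-memory SQLite table stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE requests (id INTEGER PRIMARY KEY, body TEXT)');

// SQL context: a bound parameter carries the raw text. No HTML escaping here.
$ins = $db->prepare('INSERT INTO requests (body) VALUES (:body)');
$ins->execute([':body' => $req]);

// The pattern from the question, for comparison: HTML-escaped before storage.
$ins->execute([':body' => htmlspecialchars($req, ENT_QUOTES)]);

$rows = $db->query('SELECT body FROM requests ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);
[$raw, $preEscaped] = $rows;

// HTML context: escape at output time, every time (hypothetical helper).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Row 1 round-trips unchanged, so nothing ever has to be decoded.
echo "stored raw equals input: ";
var_dump($raw === $req);

// Editing form: the user gets back exactly what was typed.
echo '<textarea name="req">', h($raw), "</textarea>\n";

// Read-only display: escape first, then turn newlines into <br />.
echo '<p>', nl2br(h($raw)), "</p>\n";

// Row 2 holds entities instead of the user's text. Its length differs from
// the input, and escaping it correctly at output double-encodes it, which is
// what pushes code toward html_entity_decode() or toward skipping output
// escaping altogether.
echo "lengths: ", strlen($raw), " vs ", strlen($preEscaped), "\n";
echo '<p>', h($preEscaped), "</p>\n";
```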