[nycphp-talk] Textarea formatting

Chris Shiflett shiflett at
Fri Oct 27 10:27:37 EDT 2006

AbraCadab Ra wrote:
> before inserting into the database I encode the data using the
> htmlspecialchars() function.
> $encReq = htmlspecialchars($req, ENT_QUOTES);
> when I'm displaying it back to the user I had to use the
> following function to convert it back into HTML.

Sounds like you're trying to write this:

When you think you need to remove the escaping from something, you're
almost always doing something wrong.

Escaping preserves data in another context, so if you ever need to
remove it, it's a good indication that either you didn't need it in the
first place, or you've chosen the wrong escaping function for a
particular context (e.g., htmlspecialchars() for an SQL query).

Hope that helps.


Chris Shiflett
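
The point of the reply above, as an added example that is not part of the original post: store the textarea value unmodified through a bound parameter, and apply htmlspecialchars() only at the moment the value is written into HTML, so nothing ever has to be un-escaped. The in-memory SQLite database, the `requests` table and the helper function names are assumptions made for illustration.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// Requires the pdo_sqlite extension.

// SQL context: the bound parameter preserves the data for the query,
// so no HTML escaping is applied before storage.
function save_request(PDO $db, string $req): int
{
    $stmt = $db->prepare('INSERT INTO requests (body) VALUES (:body)');
    $stmt->execute([':body' => $req]);
    return (int) $db->lastInsertId();
}

function load_request(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM requests WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML body context: escape at output time, then turn newlines into <br />.
function render_as_html(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// Back inside a <textarea> for editing: escape, but leave newlines alone.
function render_in_textarea(string $raw): string
{
    return '<textarea name="req">'
        . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
        . '</textarea>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE requests (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input, as it would arrive from the textarea.
$req = "It's <b>urgent</b> & \"important\"\n<script>alert(1)</script>";

$id = save_request($db, $req);
$stored = load_request($db, $id);

var_dump($stored === $req);   // compares the stored value with the submitted one
echo render_as_html($stored), "\n";
echo render_in_textarea($stored), "\n";
```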
