[nycphp-talk] Textarea formatting

Chris Shiflett shiflett at php.net
Fri Oct 27 10:27:37 EDT 2006


AbraCadab Ra wrote:
> before inserting into the database I encode the data using the
> htmlspecialchars() function.
> 
> $encReq = htmlspecialchars($req, ENT_QUOTES);
> 
> when I'm displaying it back to the user I had to use the
> following function to convert it back into HTML.

Sounds like you're trying to write this:

http://php.net/html_entity_decode

When you think you need to remove the escaping from something, you're
almost always doing something wrong.

Escaping preserves data in another context, so if you ever need to
remove it, it's a good indication that either you didn't need it in the
first place, or you've chosen the wrong escaping function for a
particular context (e.g., htmlspecialchars() for an SQL query).

Hope that helps.

Chris

-- 
Chris Shiflett
http://shiflett.org/
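
An added example, not part of the original post: the textarea text is stored unescaped through a bound parameter and HTML-escaped only when it is written into a page, so nothing ever has to be decoded. The `requests` table, the `render_html()` helper, the sample input and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Constructed sample input: what a user might type into a <textarea>.
$req = "First line\n<b>Tom & \"Jerry\"</b> said it's fine";

// In-memory SQLite database so the example runs offline
// (assumption: the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE requests (id INTEGER PRIMARY KEY, body TEXT)');

// SQL context: a bound parameter keeps the data out of the query text.
// The raw text goes in; htmlspecialchars() has no role at this step.
$stmt = $db->prepare('INSERT INTO requests (body) VALUES (:body)');
$stmt->execute([':body' => $req]);

// What comes back is exactly what the user typed.
$stored = $db->query('SELECT body FROM requests WHERE id = 1')->fetchColumn();
if ($stored !== $req) {
    throw new RuntimeException('stored value differs from the input');
}

// HTML context: escape once, at output time. nl2br() runs after the
// escaping so the <br /> tags it inserts are not escaped themselves.
// render_html() is a hypothetical helper name.
function render_html(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

echo '<p>', render_html($stored), "</p>\n";

// A different output context reuses the same stored value with that
// context's own encoder, and html_entity_decode() is never needed.
echo json_encode(['body' => $stored]), "\n";
```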


