[nycphp-talk] How not to save HTML entities to the DB when using htmlentities()?
Chris Shiflett
shiflett at php.net
Sun May 27 18:14:15 EDT 2007
Michael B Allen wrote:
> I am using htmlentities($text, ENT_COMPAT, 'UTF-8'); to escape text
> from the db to be displayed in form fields. This works fine but when
> the text is saved in the database the entities are saved with it.
>
> For example, if the text in the db is 'Mike & Ike', the form field
> looks like:
>
> <input type='text' name='foo' value='Mike &amp; Ike'/>
>
> This is displayed correctly but when I submit this to the server it
> is saved to the database as 'Mike &amp; Ike'.
This is only true if you escape it again.

Since there is no abomination like magic_quotes_gpc for HTML escaping,
it means you're doing this double escaping yourself, so the problem
should be easy to track down.

Hope that helps.

Chris
--
Chris Shiflett
http://shiflett.org/
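
The round trip discussed in this message, as an added example that is not part of the original post: the value is escaped once when it is rendered, the browser submits the decoded text, and entities reach the database only when the save path calls htmlentities() a second time. The in-memory SQLite table, the function names and the regex standing in for the browser are assumptions made for the illustration.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'Mike & Ike')"); // constructed row

function loadName(PDO $pdo): string {
    return (string) $pdo->query('SELECT name FROM items WHERE id = 1')->fetchColumn();
}

// Output side: escape once, at the moment the value is placed into HTML.
// ENT_QUOTES because the attribute is single-quoted; ENT_COMPAT leaves ' unescaped.
function renderField(string $raw): string {
    return "<input type='text' name='foo' value='"
         . htmlentities($raw, ENT_QUOTES, 'UTF-8') . "'/>";
}

// Stand-in for the browser: it decodes the attribute value before submitting,
// so the request carries raw text, not entities.
function simulateSubmit(string $html): string {
    preg_match("/value='([^']*)'/", $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Input side, buggy: escaping before storage is the second escape.
function saveEscaped(PDO $pdo, string $posted): void {
    $stmt = $pdo->prepare('UPDATE items SET name = ? WHERE id = 1');
    $stmt->execute([htmlentities($posted, ENT_QUOTES, 'UTF-8')]);
}

// Input side, fixed: store the raw text; the bound parameter handles SQL quoting.
function saveRaw(PDO $pdo, string $posted): void {
    $stmt = $pdo->prepare('UPDATE items SET name = ? WHERE id = 1');
    $stmt->execute([$posted]);
}

// Run two edit/save round trips through each save path and print the stored value.
foreach (['saveEscaped', 'saveRaw'] as $save) {
    $pdo->exec("UPDATE items SET name = 'Mike & Ike' WHERE id = 1"); // reset
    for ($round = 1; $round <= 2; $round++) {
        $save($pdo, simulateSubmit(renderField(loadName($pdo))));
        printf("%-11s round %d: %s\n", $save, $round, loadName($pdo));
    }
}
```

To find the second escape in a real code base, search the save path (and any shared input filter) for htmlentities() or htmlspecialchars() calls that run before the query is built.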