htmlspecialchars
If you are to save some text in a database. And it may contain some HTML characters, then for your own sake, you should strip of those characters. Both cause they can result in a bad query when writing to the database. Also, if you let your users input text to your database, you should strip of special characters beofre the tyext is written to the DB.
You do it by using this code.
Then when you want to present the text from the database you can 'decode' the string, and get all you apostrophes, single and double quotes, and other characters looking to the way it is written, in the original text, as in the text these characters are converted into the HTML character codes.
Such charater codes can look like this; ' what is the HTML code for an apostrophe.
It will then when seen in the browser be shown as an apostrophe.
Remember also to read the page about the 'htmlspecialchars_decode'
PHP
As you see it just takes a single code to strip of the tags. This is built in to PHP, and its a useful code to use.
The example show the basic use of the htmlspecialchars code.
<?php
$string = "Here is an example of text <strong>with <U>HTML</U> tags.</strong>";
echo htmlspecialchars($string);
?>
And here is the same string, when it have been through the htmlspecialchars code.
<?php
"Here is an example of text <strong>with <U>HTML</U> tags.</strong>";
?>
And in the browser it will be seen as this;
Here is an example of text <strong>with <U>HTML</U> tags.</strong>
Showing the HTML tags and not parsing them in the browser. So not with the HTML tags making the text strong and underlined.
Now you should read about the
'htmlspecialchars_decode' part of this.
Index
LAMP stack - text
LAMP stack - video
Securing Lampstack
Securing Apache
Using Cron
Webbrowsers
Rotate
Navigate to other page
About
