Problems with htmlspecialchars

I am creating links from the following PHP code. Links are displayed in a browser, and the generated HTML code seems fine, but the links are not clickable. I tested this in IE and FF and tried to see with Firebug to no avail.

Code to create my form

    $uploadhtml = htmlspecialchars(json_encode("<form action='up.php' method='post'
    enctype='multipart/form-data'>
    <label for='file'>Filename:</label>
    <input type='file' name='file' id='file'/> 
    <br />
    <input type='hidden' name='pk' value='".$pk."'>
    <input type='hidden' name='username' value='".$USERNAME."'>
    <input type='submit' name='submit' value='Submit' onclick=\"setTimeout(function() { 
    updateByPk('Layer2', '".$pk."', '".$brand."', '".$pg."'); } ),1250);\" />
    </form>"), ENT_QUOTES);

The resulting html code:

    <a onclick="makewindows(&#39;&quot;<form action=&#39;up.php&#39; method=&#39;
    post&#39;\r\nenctype=&#39;multipart\/form-data&#39;>\r\n<label for=&#39;
    file&#39;>Filename:<\/label>\r\n<input type=&#39;file&#39; name=&#39;file&#39; id=&#39;file&#39;\/> \r\n<br \/>\r\n<input type=&#39;hidden&#39; name=&#39;pk&#39; value=&#39;
    380118179930&#39;>\r\n<input type=&#39;hidden&#39; name=&#39;username&#39; value=&#39;
    janmaybach&#39;>\r\n<input type=&#39;submit&#39; name=&#39;submit&#39; value=&#39;
    Submit&#39; onclick=\&quot;setTimeout(function() { updateByPk(&#39;Layer2&#39;, 
    &#39;380118179930&#39;, &#39;Ed Hardy&#39;, &#39;1&#39;); } ),1250);\&quot; 
    \/>\r\n<\/form>&quot;&#39;); return false;" href="#">Upload files</a>

I assume this is a JavaScript error, but I do not know how to determine this?

edit: HTML code without ENT_QUOTES:

    <a href="#" onclick="makewindows('&quot;<form action='up.php' method='post'\r
    \nenctype='multipart\/form-data'>\r\n<label for='file'>Filename:<\/label>\r\n<input 
    type='file' name='file' id='file'\/> \r\n<br \/>\r\n<input type='hidden' name='pk' 
    value='380118185183'>\r\n<input type='hidden' name='username' value='janmaybach'>\r
    \n<input type='submit' name='submit' value='Submit' onclick=\&quot;setTimeout(function() 
    { updateByPk('Layer2', '380118185183', 'Ed Hardy', '1'); } ),1250);\&quot; 
    \/>\r\n<\/form>&quot;'); return false;">Upload files</a>

It's still not clickable ... does it seem like everything is being cited correctly?

When I try without htmlspecialchars, the following HTML is output:

    <input type='submit' name='submit' value='Submit' onclick=" settimeout(function()="" {="" updatebypk(="" layer2="" 380118179930="" ed="" hardy="" ,="" 1="" );="" }="" ),1250);="">
    '); return false;"&gt;Upload files</a>
+1
3 answers

, , . : , Javascript, HTML - .

, PHP , - Javascript. - , , Javascript, () , .

+13

makewindows . (%#39). ', .

+1

The ENT_QUOTES flag spins the output. If you look carefully, you will see that there are no actual quotes in the HTML output - only escaped objects. Make a test that does not use htmlspecialchars(). You should avoid backslash quotes or better add JavaScript functionality unobtrusively. jQuery can help you achieve this: http://jquery.com

+1
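
The question's markup nests three contexts: JavaScript inside an HTML attribute, inside a JavaScript string, inside another HTML attribute. The sketch below is an added example, not code from the question or any of the answers. It encodes each layer from the inside out and passes the `json_encode()` result to `makewindows` without wrapping it in extra single quotes. The helper names `js()`, `h()` and `uploadLink()` are hypothetical, PHP 8 is assumed, and `makewindows` and `updateByPk` are taken to be the page's existing client-side functions.

```php
<?php
// Added example; sample values are constructed. makewindows() and updateByPk()
// are the page's client-side functions and are assumed to exist in the browser.

const JS_FLAGS = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

/** Encode a PHP value as a JavaScript literal (strings get their own quotes). */
function js(mixed $value): string
{
    return json_encode($value, JS_FLAGS | JSON_THROW_ON_ERROR);
}

/** Encode text for an HTML text node or a quoted attribute value. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function uploadLink(string $pk, string $username, string $brand, string $pg): string
{
    // Innermost context: JavaScript inside the submit button's onclick attribute.
    $inner = sprintf(
        "setTimeout(function () { updateByPk('Layer2', %s, %s, %s); }, 1250);",
        js($pk), js($brand), js($pg)
    );

    // Middle context: the form markup; every dynamic value passes through h().
    $form = "<form action='up.php' method='post' enctype='multipart/form-data'>"
          . "<label for='file'>Filename:</label>"
          . "<input type='file' name='file' id='file'><br>"
          . "<input type='hidden' name='pk' value='" . h($pk) . "'>"
          . "<input type='hidden' name='username' value='" . h($username) . "'>"
          . "<input type='submit' name='submit' value='Submit' onclick='" . h($inner) . "'>"
          . "</form>";

    // Outer context: json_encode() already emits a complete quoted JS string,
    // so it is NOT wrapped in extra '...' before being HTML-escaped.
    $outer = 'makewindows(' . js($form) . '); return false;';

    return '<a href="#" onclick="' . h($outer) . '">Upload files</a>';
}

// Constructed values, including quotes that would break naive concatenation.
echo uploadLink('380118179930', 'jan"maybach', "Ed Hardy's", '1'), PHP_EOL;
```

With the `JSON_HEX_*` flags the encoded string contains no raw `<`, `>`, `&`, `'` or `"` apart from its own delimiters, so a value such as a brand name containing an apostrophe cannot terminate the JavaScript string or the surrounding attribute.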