Htmlspecialchars & ENT_QUOTES not working?

Basically, when displaying data from a MySQL database, I have a function (using htmlspecialchars(), shown below) that should convert single and double quotes into their safe objects. The problem I ran into is that, looking at the source code, it only converts < > & when I also need to convert single and double quotes.

//sanitize data from db before displaying on webpage
function htmlsan($htmlsanitize){
    return $htmlsanitize = htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

Then when I want to use it, for example, I do:

htmlsan($row['comment']);

Can someone tell me why it does not convert single and double quotes?

UPDATE

What is strange: when htmlsan() is used for comments in email, and I look at the source code of the email, it converts them; it seems that it will not convert single/double quotes from the database when displayed on a web page. My database setup is also set to utf8_general_ci, and I declare that I will use utf8 to connect to the database, etc.

+5
5 answers

How exactly are you testing it?

<?php

//sanitize data from db before displaying on webpage
function htmlsan($htmlsanitize){
    return $htmlsanitize = htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

var_dump(htmlsan('<>\'"'));

... prints:

string(20) "&lt;&gt;&#039;&quot;"

I assume your input comes from Microsoft Word and contains typographic (curly) quotes:

var_dump(htmlsan('“foo”')); // string(9) "“foo”"

If you need to convert them for any reason, you need htmlentities(), not htmlspecialchars():

var_dump(htmlentities('“foo”', ENT_QUOTES, 'UTF-8')); // string(17) "&ldquo;foo&rdquo;"

Update #1

For a comment containing a single quote ('), try:

var_dump(bin2hex("'"));
var_dump(htmlspecialchars("'", ENT_QUOTES, 'UTF-8'));
var_dump(bin2hex($row['comment']));
var_dump(htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'));

... prints:

string(2) "27"
string(6) "&#039;"
string(2) "27"
string(6) "&#039;"


Update #2

What you see is:

string(6) "'"

That is 6 characters, so the real value is string(6) "&#039;"; &#039; is the entity that renders as '.

+7
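As an added example (not code from the question or from this answer), the following script puts the answer's bin2hex() diagnostic together with the difference between ENT_COMPAT, ENT_QUOTES and htmlentities(), and checks that the escaped form decodes back to the original. The sample comments are constructed, and every function name other than htmlsan() is hypothetical.

```php
<?php
// Added example, not from the original question or answers.
// Shows what htmlspecialchars() does with and without ENT_QUOTES, why
// typographic quotes need htmlentities(), and how bin2hex() reveals the
// bytes actually stored regardless of how a browser renders the page.
declare(strict_types=1);

// Constructed sample "comments", as they might come back from the database.
$samples = [
    'ascii quotes'    => "It's a \"test\" <b>comment</b> & more",
    'curly quotes'    => "\u{201C}foo\u{201D} and \u{2018}bar\u{2019}", // U+201C/U+201D, U+2018/U+2019
    'attribute value' => "O'Reilly says \"hi\"",
];

// The function from the question (the assignment in its return statement is
// unnecessary but harmless, so it is simply dropped here).
function htmlsan(string $htmlsanitize): string
{
    return htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

// Before PHP 8.1 the default flags were ENT_COMPAT (double quotes only);
// passing ENT_COMPAT explicitly reproduces that behaviour on any version.
// A single quote survives and can terminate a single-quoted HTML attribute.
function escapeCompat(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// htmlentities() also converts every character that has a named entity,
// including the curly quotes Word inserts (&ldquo; &rdquo; &lsquo; &rsquo;).
function escapeAllEntities(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Diagnostic from the answer above: the hex dump shows the stored bytes
// (0x27 for an ASCII apostrophe, e2 80 9c for a curly opening quote).
function hexAndEscaped(string $s): array
{
    return ['hex' => bin2hex($s), 'escaped' => htmlsan($s)];
}

// Escaping must be reversible: decoding the escaped text gives the original.
function roundTrips(string $s): bool
{
    return html_entity_decode(htmlsan($s), ENT_QUOTES, 'UTF-8') === $s;
}

foreach ($samples as $label => $raw) {
    $diag = hexAndEscaped($raw);
    echo "== $label ==\n";
    echo "raw          : $raw\n";
    echo "ENT_COMPAT   : " . escapeCompat($raw) . "\n";
    echo "ENT_QUOTES   : " . $diag['escaped'] . "\n";
    echo "htmlentities : " . escapeAllEntities($raw) . "\n";
    echo "bin2hex      : " . $diag['hex'] . "\n";
    echo "round-trips  : " . (roundTrips($raw) ? 'yes' : 'no') . "\n\n";
}

// The escaped string and the original render identically in a browser,
// which is why "view source" (or var_dump on the command line) is the
// only reliable way to see whether the quotes were converted.
var_dump(htmlsan("'"));
```

Run it from the command line (`php example.php`) so the output is the literal escaped text rather than a browser's rendering of it.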

Firebug, Firebug, View Source.

+3

utf-8_unicode_ci, html utf-8, htmlentities. db, html. charset html iso-8859-1. db utf-8_unicode_ci.

+1

Drop the assignment to $htmlsanitize:

function htmlsan($htmlsanitize){
    return htmlspecialchars($htmlsanitize, ENT_QUOTES, 'UTF-8');
}

0

htmlentities($htmlsin, ENT_QUOTES, 'UTF-8');

mb_convert_encoding($htmlsan, "HTML-ENTITIES", "UTF-8");


0
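As an added illustration, not part of this answer, the following script shows that the two calls above are not interchangeable: on constructed input, htmlentities() escapes the markup characters, while mb_convert_encoding() with the "HTML-ENTITIES" target only converts non-ASCII characters to entities and leaves < > & " ' as they are, so it does not make database text safe to output (and that target is deprecated as of PHP 8.2). The helper names are hypothetical; the script needs the mbstring extension.

```php
<?php
// Added example, not from the original answer. Compares the two calls the
// answer lists on a constructed comment containing non-ASCII text, markup
// and both kinds of quotes.
declare(strict_types=1);

$comment = "Caf\u{E9} <b>bold</b> & \"double\" 'single' \u{201C}curly\u{201D}";

// Escapes < > & " ' and every character with a named entity.
function viaHtmlentities(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Rewrites non-ASCII characters as entities (named or numeric) but passes
// ASCII, including < > & " ', through unchanged. Deprecated since PHP 8.2.
function viaMbConvert(string $s): string
{
    return mb_convert_encoding($s, 'HTML-ENTITIES', 'UTF-8');
}

// Simple check (constructed for this example): true if the string still
// contains a raw < > " ' or an & that does not start an entity reference.
function containsMarkupChars(string $s): bool
{
    return preg_match('/[<>"\']|&(?![A-Za-z#][A-Za-z0-9]*;)/', $s) === 1;
}

$results = [
    'htmlentities'        => viaHtmlentities($comment),
    'mb_convert_encoding' => viaMbConvert($comment),
];

foreach ($results as $name => $out) {
    printf("%-20s %s\n", $name . ':', $out);
    printf("%-20s %s\n\n", 'markup chars left:', containsMarkupChars($out) ? 'yes' : 'no');
}
```

Only the htmlentities() output reports "no" for leftover markup characters; the mb_convert_encoding() output keeps the tags and quotes intact, so it belongs to a different task (transport encoding of non-ASCII text), not output escaping.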
