Re: [PHP] Displaying HTML characters in real format

2007-07-20 Thread Nisse Engström
On Tue, 17 Jul 2007 17:59:01 -0500 (CDT), Richard Lynch wrote:

> On Tue, July 17, 2007 2:03 pm, Nisse Engström wrote:
>> On Fri, 13 Jul 2007 01:24:09 -0500 (CDT), Richard Lynch wrote:
>>>
>>> htmlspecialchars ONLY escapes four characters:
>>>
>>> htmlentities escapes ALL characters that need it
>>
>> What characters other than the four (or five)
>> NEED escaping, and why?
>
> For example, some people occasionally find a need to write an o with
> an umlaut over it.

No way! :-)

> And sometimes they might type that right into a database form of some
> kind.
>
> And if that's being output, it needs to be converted to an HTML entity
> so it will actually show up as an o with an umlaut, instead of, say,
> capital A with a tilde followed by a paragraph symbol.
>
> Now, in some cases, if you are using UTF-8 (or UTF-16) and if the
> browser is supporting that, and if you've got the right headers and
> META tags, most modern browsers will do the right thing...

If you don't have the right headers and the right META tags,
you have bugs in your code. Are there any modern browsers
that don't support UTF-8 and the 8859-encodings?

> Or not, in the case of the reply window I'm typing into right now,
> which has turned your name into:
>
> Nisse Engström
>
> instead of:
> Nisse Engström
>
> There are actually SIMPLER characters involving only ASCII, but I

[I assume you meant the so called Extended ASCII. I can't
see any issues with (7-bit) ASCII.]

> thought this particular example would drive the idea home better :-)

Not really. An o with an umlaut (which, by the way, is not
an umlaut at all in my language but a letter in its own
right) does not NEED escaping in the same way that the
special chars do.

> This script might help as well:
>
> <pre><?php
>   for ($o = 0; $o < 256; $o++){
>     echo "$o: '", htmlspecialchars($o), "' versus '",
>     htmlentities($o), "'\n";
>   }
> ?></pre>

[Replace ($o) with (chr($o))]

Both columns are the same unless I start mucking about
with the browser's character encoding. What exactly is
this supposed to prove? That you failed to provide a)
the page's character encoding, and b) a charset argument
to htmlentities()?


/Nisse

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
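
An added example (not code posted in the thread) of the comparison discussed above: the same 0..255 loop, but using chr($o) and an explicit charset argument, followed by a UTF-8 case and a charset-mismatch case. The function names and sample strings are constructed for illustration; it assumes PHP 7 or later run from the command line.

```php
<?php
// Added example, not code from the thread. Sample strings are constructed.

// Bytes 0..255 in a single-byte charset: collect the bytes where the two
// functions disagree once the charset argument is given explicitly.
function differing_bytes(string $charset): array
{
    $diff = [];
    for ($o = 0; $o < 256; $o++) {
        $c = chr($o);
        $special  = htmlspecialchars($c, ENT_QUOTES, $charset);
        $entities = htmlentities($c, ENT_QUOTES, $charset);
        if ($special !== $entities) {
            $diff[$o] = [$special, $entities];
        }
    }
    return $diff;
}

// Bytes that htmlspecialchars() itself rewrites under the same charset.
function escaped_by_specialchars(string $charset): array
{
    $out = [];
    for ($o = 0; $o < 256; $o++) {
        $escaped = htmlspecialchars(chr($o), ENT_QUOTES, $charset);
        if ($escaped !== chr($o)) {
            $out[$o] = $escaped;
        }
    }
    return $out;
}

foreach (escaped_by_specialchars('ISO-8859-1') as $byte => $escaped) {
    printf("%3d  %s\n", $byte, $escaped);
}
printf("bytes only htmlentities() rewrites: %d\n", count(differing_bytes('ISO-8859-1')));

// UTF-8 end to end: the string is stored, escaped and served as UTF-8.
$name = "Nisse Engstr\u{00F6}m <script>";
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities($name, ENT_QUOTES, 'UTF-8'), "\n";

// Charset mismatch: a lone ISO-8859-1 byte is not valid UTF-8 input.
$latin1 = "Engstr\xF6m";
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($latin1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
```

The characters htmlspecialchars() rewrites are the ones a browser can interpret as markup; the extra rewrites done by htmlentities() matter only when the declared page encoding cannot represent the character.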



Re: [PHP] Displaying HTML characters in real format

2007-07-17 Thread Nisse Engström
On Fri, 13 Jul 2007 01:24:09 -0500 (CDT), Richard Lynch wrote:
 
> htmlspecialchars ONLY escapes four characters:
>
> htmlentities escapes ALL characters that need it

What characters other than the four (or five)
NEED escaping, and why?


/Nisse




Re: [PHP] Displaying HTML characters in real format

2007-07-17 Thread Satyam
Unless you have set the character encoding of the document to the same as 
what you have, say, in the database, you would have trouble showing, for 
example,  your last name, with that umlaut.  Anyway, I would read the 
comments for the function because I believe there are some issues beyond the 
characters handled by htmlspecialchars.   I just prefer to set the character 
encoding compatible from end to end.


Satyam



- Original Message - 
From: Nisse Engström [EMAIL PROTECTED]

To: php-general@lists.php.net
Sent: Tuesday, July 17, 2007 9:03 PM
Subject: Re: [PHP] Displaying HTML characters in real format



On Fri, 13 Jul 2007 01:24:09 -0500 (CDT), Richard Lynch wrote:


htmlspecialchars ONLY escapes four characters:

htmlentities escapes ALL characters that need it


What characters other than the four (or five)
NEED escaping, and why?


/Nisse




Re: [PHP] Displaying HTML characters in real format

2007-07-17 Thread Richard Lynch
On Tue, July 17, 2007 2:03 pm, Nisse Engström wrote:
> On Fri, 13 Jul 2007 01:24:09 -0500 (CDT), Richard Lynch wrote:
>>
>> htmlspecialchars ONLY escapes four characters:
>>
>> htmlentities escapes ALL characters that need it
>
> What characters other than the four (or five)
> NEED escaping, and why?

All kinds of stuff, and to keep your site a) readable and b) safe.

For example, some people occasionally find a need to write an o with
an umlaut over it.

And sometimes they might type that right into a database form of some
kind.

And if that's being output, it needs to be converted to an HTML entity
so it will actually show up as an o with an umlaut, instead of, say,
capital A with a tilde followed by a paragraph symbol.

Now, in some cases, if you are using UTF-8 (or UTF-16) and if the
browser is supporting that, and if you've got the right headers and
META tags, most modern browsers will do the right thing...

Or not, in the case of the reply window I'm typing into right now,
which has turned your name into:

Nisse Engström

instead of:
Nisse Engström

Of course, it may get re-converted to who knows what before you see
it, but I'm not seeing the right thing...

There are actually SIMPLER characters involving only ASCII, but I
thought this particular example would drive the idea home better :-)

This script might help as well:

<pre><?php
  for ($o = 0; $o < 256; $o++){
    echo "$o: '", htmlspecialchars($o), "' versus '",
    htmlentities($o), "'\n";
  }
?></pre>

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Displaying HTML characters in real format

2007-07-13 Thread Richard Lynch
On Thu, July 12, 2007 12:37 pm, Don Don wrote:
> Am kind of confused between htmlspecialchars and htmlentities. I've
> got data I need to display data on a page containing e.g. &quot; but
> will like it to be displayed as "
>
> htmlspecialchars or htmlentities or page character set ?

htmlspecialchars ONLY escapes four characters:

htmlentities escapes ALL characters that need it

I honestly can think of no valid use for htmlspecialchars, to tell you
the truth...

There must be some use for it, though.

Put it this way:
Whatever data you have, it probably shouldn't contain HTML if you are
asking this question, so you probably should be using htmlentities to
escape everything and be safe.

If it DOES have HTML in it, and you want that HTML to get to the
browser, I'm concerned that you don't understand just how dangerous
that is...
http://phpsec.org/




Re: [PHP] Displaying HTML characters in real format

2007-07-12 Thread Jim Lucas

Don Don wrote:
> Hi all,
>
> Am kind of confused between htmlspecialchars and htmlentities. I've got data I need to
> display data on a page containing e.g. &quot; but will like it to be displayed as "
>
> htmlspecialchars or htmlentities or page character set ?
>
> Cheers

   

a little confused with what you have to begin with.

Are you saying that in the text that you want to have displayed, it has &quot;
instead of "

or is it that you have a quot  and want to run htmlspecialchars() or htmlentities() on it?  and 
then have it displayed as  and not quot?


which is it?

--
Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare
