5

This is simple question but I am a newbie so please forgive my simple question.

Is there an easy way to reverse the effects of the FILTER_SANITIZE_SPECIAL_CHARS filter? If not how would you reverse it. Please don't just say regular expressions, actually suggest how. To be clear I am not looking to reverse the string.

Here is some sample code to help explain what I want to do:

/*** a string with tags ***/
$string = "<li><script>!@#$%^&*\n\'#foo</script><br><p /><li />";

/*** sanitize the string ***/
$x = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS);
echo $x . "<br>\n";

/*** I want this to output <li><script>!@#$%^&*\n\'#foo</script><br><p /><li /> ***/
echo htmlspecialchars_decode($x);
/*** instead it outputs: &#60;li&#62;&#60;script&#62;!@#$%^&#38;*&#10;\&#39;#foo&#60;/script&#62;&#60;br&#62;&#60;p /&#62;&#60;li /&#62; ***/

All ideas will be appreciated. Thanks in advance.

Brett
  • 3,296
  • 5
  • 29
  • 45
  • 1
    Have you tried [htmlspecialchars_decode()](http://www.php.net/manual/en/function.htmlspecialchars-decode.php)? This would get you at least most of the way, and possibly be enough depending on what data was escaped. – jedwards May 20 '12 at 04:34
  • @jedwards that did not do anything. Do you simply use it as htmlspecialchars_decode($myString)? – Brett May 20 '12 at 04:41
  • `$out = htmlspecialchars_decode($in); echo $out;` -- something like that. What does the filtered text look like? – jedwards May 20 '12 at 04:42
  • 2
    Also consider [html_entity_decode()](http://www.php.net/manual/en/function.html-entity-decode.php) – jedwards May 20 '12 at 04:44
  • 1
    @jedwards genius answer can't believe I could not find that with all my Google searches. If you put that as answer an I will mark it as solved. Many thanks my friend. :-) – Brett May 20 '12 at 04:48

1 Answers1

3

Consider html_entity_decode(), a more comprehensive version of htmlspecialchars_decode().

jedwards
  • 29,432
  • 3
  • 65
  • 92