-1

When I use htmlentities() to encode a variable it works like a charm, but if I do the same thing with an array it just returns an empty array. I tried to use array_map() but it's the same story. I tried to switch the encoding to ISO-8859-1 and UTF-8 but with no success. It doesn't want to work.

Here's the code:

<html>
 <head>
  <title>Signup</title>
 </head>
 <body>
  <form name="signup" method="POST" action="form.php">
   <fieldset>
    <legend><p style="color:red; font-size:16px">Sports</p></legend>
    <ul>
     <li>
      <input type="checkbox" name="sports[]" value="soccer">
      <label for="soccer">Soccer</label>
     </li>
     <li>
      <input type="checkbox" name="sports[]" value="water_polo">
      <label for="water_polo">Water polo</label>
     </li>
     <li>
      <input type="checkbox" name="sports[]" value="tennis">
      <label for="tennis">Tennis</label>
     </li>
     <li>
      <input type="checkbox" name="sports[]" value="volleyball">
      <label for="volleyball">Volleyball</label>
     </li>
    </ul>
   </fieldset>
  </form>
  <?php
   $sports = htmlentities($_POST["sports"], ENT_COMPAT, 'ISO-8859-15');

   $count = count($sports);
   if($count == 0) {
        echo "You don't play any sports.<br>";
   } else {
        echo "You like playing: ";
        foreach($sports as $s) {
             if(--$count == 0) {
                  echo "<span style='color:red'>$s</span>.<br>";
                  break;
             } else {
                  echo "<span style='color:red'>$s</span>, ";
             }
        }
   }
  ?>
 </body>
</html>

It produces the following output:

You don't play any sports.

Meaning htmlentities() wasn't able to encode my array.

sgrontflix
  • 91
  • 1
  • 9
  • 2
    what does the form/inputs look like? and how you used `array_map()`? – Funk Forty Niner Oct 31 '16 at 13:59
  • [`htmlentities()`](http://php.net/manual/de/function.htmlentities.php) does not accept an array. – simon Oct 31 '16 at 14:05
  • @simon I doubt the OP understands German ;-) Use English links http://php.net/manual/en/function.htmlentities.php when referencing PHP.net – Funk Forty Niner Oct 31 '16 at 14:09
  • 1
    Voted to close as unclear; post your full code and what you tried or wait... - The more time you wait, well.... the more time it takes to offer/give you a solution. You lose your audience that way, just as you lost me; good luck. – Funk Forty Niner Oct 31 '16 at 14:16
  • 1
    You either have to loop through and encode each item or you have to encode prior to placing in the array. I see what you're trying to do here and you'd be better off storing the data in your database using prepared statements. – Jay Blanchard Oct 31 '16 at 14:19
  • 1
    @Fred-ii- forgot to switch the language before copying the URL. At least the method synopsis is universally understandable ;-) – simon Oct 31 '16 at 14:22
  • @simon No worries ;-) They have the English link to refer to, or they can always choose their preferred language from the dropdown select. – Funk Forty Niner Oct 31 '16 at 14:23

1 Answers1

1

I'm not sure how you've tried using array_map, but the following is one correct approach:

function sanitize($arg) {
    if (is_array($arg)) {
        return array_map('sanitize', $arg);
    }

    return htmlentities($arg, ENT_QUOTES, 'UTF-8');
}
$array = array_map('sanitize', $_POST);

This uses recursion so it will also work with multi-dimensional arrays.

mister martin
  • 6,197
  • 4
  • 30
  • 63
  • That's how I used `array_map()`: `$array = array_map("htmlentities", $_POST["array"], ENT_COMPAT, 'ISO-8859-15')` – sgrontflix Oct 31 '16 at 17:21
  • @sgrontflix that is not how I'm using it... If you want to pass arguments read [this comment](http://php.net/manual/en/function.array-map.php#84632). – mister martin Oct 31 '16 at 17:31
  • 1
    I read the manual for `array_map()` again and realized that I'm a complete idiot lol... Thank you very much for the clean function, now I understand it all :) – sgrontflix Oct 31 '16 at 17:32