Questions tagged [htmlspecialchars]

htmlspecialchars is a PHP function that converts special characters to HTML entities.

Famous question: htmlentities() vs. htmlspecialchars()

467 questions
10 votes, 4 answers

Is using htmlspecialchars() sufficient in all situations?

My users are allowed to insert anything into my database. So using a whitelist / blacklist of characters is not an option. I'm not worried (covered it) about the database end (SQL injection), but rather code injection in my pages. Are there any…
PeeHaa
9 votes, 5 answers

htmlspecialchars & ENT_QUOTES not working?

Basically on displaying data from MySQL database I have a htmlspecialchars() function below that should convert single and double quotes to their safe entity(s). The problem I'm having is on viewing source code, it is only converting < > & when I…
PHPLOVER
9 votes, 4 answers

How do I convert special characters using java?

I have strings like: Avery® Laser & Inkjet Self-Adhesive. I need to convert them to Avery Laser & Inkjet Self-Adhesive, i.e. remove special characters and convert HTML special chars to regular ones.
Vladimir
8 votes, 3 answers

Laravel htmlspecialchars() expects parameter 1 to be string, object given in my project?

So I'm trying to code a simple website form, but it has this htmlspecialchars error. I've tried to make {{ $message }} but it didn't work. has the same error. This is my controller:
calvinerico
8 votes, 5 answers

PHP htmlentities not working even with parameters

Of course this has been asked before and I have searched for solutions, none of which have worked thus far. I want to change out the TM symbol and the ampersand to their HTML equivalents by using htmlentities or htmlspecialchars: $TEST = "Kold…
ToddN
8 votes, 3 answers

Escape only single quotes (leave double quotes alone) with htmlspecialchars()

I know there are other ways of escaping only single quotes (such as this answer), but it appears to me that there should be a way using htmlspecialchars(). According to the manual, it should be some combination of their constants, but based on…
Luke Shaheen
7 votes, 4 answers

Is it better to escape/encode the user input before storing it in the database, or to store it as-is in the database and escape it while retrieving?

I am using the htmlspecialchars() function to prevent XSS attacks. I have a doubt regarding which of the following is the better method to store the data in the database. Method 1: Store the user input values after applying the htmlspecialchars() function. Using…
Vivek Vaghela
7 votes, 1 answer

How to remove encoded HTML tags from a string in PHP

A web service that I am accessing sends the following response... <strong>result</strong> How can I strip the string of these encoded tags?
vikmalhotra
7 votes, 1 answer

How to convert accented characters to HTML special entities with Ruby

How can I do this in Ruby? puts some_method("ò") # => "ò" In other words, convert an accented character like ò to its HTML version: ò I tried like this: # coding: utf-8 require 'rubygems' require 'htmlentities' require 'unicode' coder…
Leonardo Dario Perna
6 votes, 2 answers

How to prevent XSS in attributes

So I have a site where users can register using a username of their choosing and can submit large blocks of text and add comments. Currently, to avert XSS, I use strip_tags on the data on input to the database and I only output the data in the body,…
user887068
6 votes, 2 answers

Why does htmlspecialchars_decode in PHP not have the charset parameter like its counterpart?

There is a charset parameter in htmlspecialchars but the decode version does not have it. In comparison to the similar htmlentities, the encode and decode functions both have the charset parameter. So I can't choose what charset I am decoding back…
Lawrence Lau
6 votes, 1 answer

Convert HTML entities and special characters to UTF8 text in PHP

There are a lot of questions and documentation about converting HTML entities and special characters to UTF8 text in PHP. And also there is the PHP documentation itself, such as this htmlspecialchars_decode() and this html_entity_decode(). However,…
Greeso
6 votes, 3 answers

Avoid XSS with BBCode input and HTML output

I'm currently working on a website, where users can write articles with few format possibilities (like bold, italic, list...). I'm using a framework: CodeIgniter. I'm a beginner, and I've heard some stuff about XSS. I would like to know what do you…
user2500511
6 votes, 1 answer

Any way to reduce htmlspecialchars() CPU usage?

I have a PHP 5.4/MySQL website with 5 million hits per day, running on a Linux server with nginx and php-fpm. The database is located on a separate server. I've noticed that at peak times my webserver load gets up to 15, instead of the normal 4 for quad…
Silver Light
6 votes, 3 answers

How to use JavaScript to get HTML special characters in a text input

I want to send some HTML special character to a text field and then later use JavaScript to get it back in its original format: e.g. if I send "&pi", it will show "π" in the text input, and when I use JavaScript to get it back, I should get "&pi",…
kli