Posted by Rik on 07/24/07 11:04

On Tue, 24 Jul 2007 12:55:22 +0200, Sergei Riaguzov <hello@world.com>
wrote:

> On Tue, 24 Jul 2007 12:48:04 +0200, Rik wrote:
>
>>> Hmm, I can apply stripslashes() to a string, causing it to remove
>>> slashes near quotes (\") but how can I change this quotes to
>>> appropriate HTML quotes like &quot;?
>> htmlspecialchars()?
> Thanx that seems to be the appropriate function.
>
>> (I can't really think of a situation where all qoutes should be swapped
>> for a htmlentity, and not the <,> and &...)
> Well then I will ask a lamer question, what is the best way to deal with
> situation when you have a textarea in a form and some text in some other
> place on the page, and everything which is written in the form is send to
> the same page via POST to the same textarea which produces slashes? And
> the other problem is in this other part of the page where the same text
> from the texarea is placed (but with some modifications). It also
> contains slashes like \".

Unless you want to allow HTML, htmlspecialchars is the way to go indeed.
Allthough the content of a textarea isn't an attribute, so most tag-soup
HTML browsers would have no problem displaying it properly with normal
qoutes.

> There if I see page source I can see that every " is changed to &quot; in
> textarea and in the right part of the page (after translation), so I
> thought that this would be the best way?

Indeed, but also change the '<' etc, doe you know what happens to your
page otherwize if I decide I need '</textarea>' translated?

> So I should just use htmlspecialchars(), not htmlentities() on strings
> from POST right?

If you want to display them as normal text, indeed. If you want to allow
HTML then no.
--
Rik Wasmus

• Next in forum: Re: stripslashes vs quotes
• Prev in forum: Re: help in querying tables
• Thread view: Re: stripslashes vs quotes

[Reply to this message]