Posted by ZeldorBlat on 10/08/07 21:49

On Oct 8, 5:42 pm, Big Moxy <bigm...@gmail.com> wrote:
> On Oct 8, 1:10 pm, Justin Koivisto <justin.koivi...@gmail.com> wrote:
>
>
>
> > Big Moxy wrote:
> > > I want to send html formatted text yet strip out special characters
> > > (e.g. quotes and semi colons). I've seen preg_replace examples like
> > > $messageout = preg_replace('/[^0-9a-z\[\]\(\)<>]/i','',$message); to
> > > preserve some additional characters but don't know how to approach
> > > preserving html in general.
>
> > > This is a typical message line: $message.= "<b>Date: </b>" . $today .
> > > "<br />";
>
> > > I am setting these headers:
>
> > > $headers = "MIME-Version: 1.0\r\n";
> > > $headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
> > > $headers.= "From: $emailaddress\r\n";
>
> > > Also, where can I find out which characters need to be escaped?
>
> > not sure i am getting what you are asking here, but htmlspecialchars()
> > perhaps?http://php.net/htmlspecialchars
>
> > --
> > Posted via a free Usenet account fromhttp://www.teranews.com-Hide quoted text -
>
> > - Show quoted text -
>
> I'm sorry I didn't state my objective for the post. Thank you for
> telling me about htmlspecialchars. I believe it is applicable in this
> case but not sure. My goal is to add defensive coding for whatever the
> user may intentionally or unintentionally type in and still preserve
> the html formatted email that has been created. Should I converse my
> initially formatted message with htmlspecialchars and then apply
> preg_replace to it? If so, which of these special characters require a
> preceding "escape" character -> @ , . & ; -
>
> Thanks!

You escape characters that have special meaning in a particular
context. In HTML, for instance, < and > have special meaning. You
can't just run the HTML through htmlentites() because you'll lose
whatever HTML you have. You need to escape things that are not
supposed to be interpreted as HTML before inserting them into the
HTML.

For instance, suppose we want the text "2 < 5" to appear between
inside a <b> element. Then you need to do something like this:

$str = '2 < 5';
$html = '<b>' . htmlentites($str) . '</b>';

So the stuff that isn't supposed to be interpreted as HTML is escaped,
while the actual tags are not.

• Next in forum: Re: mysql_connect and encrypted password
• Prev in forum: Re: Help - stripping special characters from email and retaining html tags
• Thread view: Re: Help - stripping special characters from email and retaining html tags

[Reply to this message]