mr moon (Posted March 12, 2011)

Hello, I am wondering if htmlentities and htmlspecialchars are the same thing. If they are not the same thing, what does htmlentities do? I have seen code like this:

    $_POST['post'] = mysql_real_escape_string(htmlentities($_POST['post']));

So if htmlentities and htmlspecialchars are not the same thing, how would I put htmlspecialchars in the code above? Would it be like this?

    $_POST['post'] = mysql_real_escape_string(htmlspecialchars($_POST['post']));

I will appreciate it if anyone can help me :P

Thanks
Mr Moon

lucky3809 (Posted March 12, 2011)

They aren't the same, but very similar.

htmlentities — Convert all applicable characters to HTML entities
htmlspecialchars — Convert special characters to HTML entities

There is no need to use both. If you want everything HTML not to go through a post, then you would use htmlentities. If you only want special characters not to go through, then you use the other one, htmlspecialchars... Using both is useless imo. lol. And yes, you have the correct way of placing the function!

mr moon (Posted March 12, 2011)

Oh thanks, I am kinda understanding it now. Well, this is what htmlspecialchars secures: I think it secures your site from HTML injection and some XSS attacks. So does htmlentities do the same thing, or does it also secure from all XSS attacks? Also, what do you mean if I don't want special characters to go through, like what kind of character? And which would be the best to use for Mccodes v2, htmlspecialchars or htmlentities?

Thanks
Mr moon :P

lucky3809 (Posted March 12, 2011)

Yes, you got the correct idea about htmlspecialchars. They both secure from XSS attacks and HTML injections. Here are 2 sites that may help you understand them both!

http://www.php.net/manual/en/function.htmlspecialchars.php
http://sqa.fyicenter.com/Online_Test_Tools/Test_htmlspecialchars_PHP_Function.php

Paul Evans (Posted March 12, 2011)

I really don't get this... why is the title mccodes security yet you're not posting anything from MCC... php.net explains functions ;) Also, if you really wanna filter, then why not use preg?

mr moon (Posted March 12, 2011)

Thanks lucky3809 for the help. And Paul, what do you mean by filtering with preg?

Djkanna (Posted March 13, 2011)

Filtering with regular expressions. Preg; Preg_match(); Preg_replace(); Preg_replace_callback(); And preg_last_error();

mr moon (Posted March 13, 2011)

Well, how do you use preg and what do they do?

Thanks
Mr Moon

Paul Evans (Posted March 13, 2011)

I'm sorry, but do you not have initiative? php.net is a manual... getting the hint?

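The difference between the two functions asked about in this thread, as an added example that is not code from any poster or from McCodes. `$post` is a constructed sample string standing in for `$_POST['post']`; the flags and the UTF-8 charset are this example's choices.

```php
<?php
// Constructed sample input: markup, both quote styles, and non-ASCII text.
$post = "<script>alert('x')</script> Café & \"quotes\" ©";

// Same flags and charset for both calls, so the only variable is the function.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;
$special  = htmlspecialchars($post, $flags, 'UTF-8');
$entities = htmlentities($post, $flags, 'UTF-8');

// The characters each function rewrites, read from PHP's own tables.
$specialTable  = get_html_translation_table(HTML_SPECIALCHARS, $flags, 'UTF-8');
$entitiesTable = get_html_translation_table(HTML_ENTITIES, $flags, 'UTF-8');

printf("htmlspecialchars rewrites %d characters: %s\n",
    count($specialTable), implode(' ', array_keys($specialTable)));
printf("htmlentities rewrites %d characters (those, plus every character "
    . "that has a named entity)\n", count($entitiesTable));

echo "htmlspecialchars: $special\n";
echo "htmlentities:     $entities\n";

// On markup characters alone the two functions produce the same string;
// they only diverge on characters such as é and ©.
$markupOnly = "<a href='x' title=\"y\">&</a>";
var_dump(htmlspecialchars($markupOnly, $flags, 'UTF-8')
     === htmlentities($markupOnly, $flags, 'UTF-8'));

// Both are encodings, not filters: nothing is removed, and decoding
// returns the original input byte for byte.
var_dump(html_entity_decode($entities, $flags, 'UTF-8') === $post);

// ENT_COMPAT leaves the single quote unencoded, which matters when the
// value is echoed inside a single-quoted attribute such as value='...'.
var_dump(strpos(htmlspecialchars($post, ENT_COMPAT, 'UTF-8'), "'") !== false);

// HTML encoding only concerns text written into an HTML page. It does not
// make a string safe for SQL, which is why the code in the thread wraps
// the result in mysql_real_escape_string() as a separate step.
```

With a UTF-8 page, `htmlspecialchars` with `ENT_QUOTES` already covers every character that can change HTML structure; the extra entities from `htmlentities` affect character encoding, not markup.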