
Escaping quotes (htmlspecialchars)

Hello!

I want to ask a hackneyed question related to the escaping of special characters. When adding to the database, I apply the htmlspecialchars() function. When outputting in <body>text text "text"</body>, the quotes are displayed normally, but in the meta title the text is text text &quot;text&quot;.

How do I make the quotation marks in the TITLE display normally, and how should this task be implemented correctly?


Answer 1, Authority 100%

htmlspecialchars() does not need to be applied when adding to the database, but directly when outputting the page (when substituting into the HTML template). When adding to the database, you need to use a quote-escaping function, which puts a backslash ("\") before quotation marks. mysqli_escape_string(), for example, can do this. Escaping quotes when adding to the database is needed only so that the value is saved correctly; on saving, the backslash is removed and the original version (without the backslash) is stored in the database.

In the database, it is desirable to store text values in their original form. If you store them already processed with htmlspecialchars(), it may be difficult to search these records and to output them somewhere other than HTML (for example, in JSON or the console).

Therefore, when you save a text string to the database (by substituting it into an SQL query), use mysqli_escape_string() (as a last resort, addslashes()). When outputting to HTML, wrap the variable holding the text value in htmlspecialchars(). Moreover, any text string that is not HTML-formatted should be wrapped in htmlspecialchars(), whether it is taken from the database or not.
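
The double encoding from the question and the store-raw, escape-on-output approach from the answer, as an added example that is not part of the original answer. It uses a PDO prepared statement on in-memory SQLite in place of mysqli_escape_string() so it runs without a MySQL server (assumes the pdo_sqlite extension); the `posts` table, `e()` and `renderTitle()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Escape exactly once, at the point where a raw value is placed into HTML.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical template helper: like most templates, it escapes what it is given.
function renderTitle(string $title): string
{
    return '<title>' . e($title) . '</title>';
}

// In-memory SQLite stands in for the real database (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');

$input = 'text "text"'; // constructed sample input

$insert = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
// Pattern from the question: HTML-escape before saving.
$insert->execute([':title' => htmlspecialchars($input)]);
// Pattern from the answer: save the raw value; the bound parameter
// keeps the quotes from being interpreted as SQL.
$insert->execute([':title' => $input]);

[$preEscaped, $raw] = $db->query('SELECT title FROM posts ORDER BY id')
    ->fetchAll(PDO::FETCH_COLUMN);

// The stored entity is escaped a second time, so its "&" becomes "&amp;"
// and the browser shows the entity text instead of a quotation mark.
echo renderTitle($preEscaped), "\n";

// The raw value is escaped once and displays as ordinary quotation marks.
echo renderTitle($raw), "\n";

// Non-HTML output needs the raw value too: the pre-escaped row would leak
// HTML entities into JSON, while the raw row serializes cleanly.
echo json_encode(['bad' => $preEscaped, 'good' => $raw]), "\n";
```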
