Home php Escaping quotes (htmlspecialchars)

Escaping quotes (htmlspecialchars)





I want to ask hackneyed questions relate to the screening of special symbols. When added to a base apply htmlspecialchars () function. When outputting in the & lt; body & gt; The text of the text "text" & lt; / body & gt; , the quotes are displayed normally, but in the meta title text text & amp; quot; text & amp; quot; .

How to make quotation marks in the TITLE is displayed normally, and how to correctly implement this task?

Answer 1, Authority 100%

htmlspecialchars () does not need to perform when added to the database, but directly in the derivation of the page (when substituted in the HTML-template). When added to the database need to use quotes shielding function, which before the quotation marks with a backslash ( “\”). It can do, for example, mysqli_escape_string () . Escaping quotes when added to the database only need to correctly maintain, while preserving the backslash will be removed and stored in the database will be the original version (without the backslash). In the database, it is desirable to store text values ​​in their original form. If you keep them in advance treated with htmlspecialchars () , it may be difficult to find and the conclusion of these records are not in HTML (for example, in the JSON or console). Therefore, when you save a text string database (by substituting it into SQL-query) are using mysqli_escape_string () (kraynyak addslashes () ). When outputting in HTML wrapping variable text value in the htmlspecialchars () . Moreover, in the htmlspecialchars () should be wrapping any text strings that are not HTML-formatted, whether they are taken from the database or not.

Programmers, Start Your Engines!

Why spend time searching for the correct question and then entering your answer when you can find it in a second? That's what CompuTicket is all about! Here you'll find thousands of questions and answers from hundreds of computer languages.

Recent questions