I've tried many functions already, but I simply can't figure this out. The right way, anyway.
In a form field called description, I can expect all kinds of characters. These need to be formatted into HTML entities before they're submitted to the db.
Now, my code:
$formdesc = htmlentities($_POST['formdesc'], ENT_QUOTES);
For a MySQL query, I simply add a "safe" function to slash the ' off the string:
mysql_real_escape_string($formdesc);
However, this sometimes doesn't work. "é," for instance, becomes é instead of é.
There must be a normal function for this. Does anyone know what I mean?
You need to specify the encoding for the htmlentities
function (here UTF-8):
$formdesc = htmlentities($_POST['formdesc'], ENT_QUOTES, 'UTF-8');
Otherwise the default value ISO-8859-1
is used and the character é
in your example encoded in UTF-8 as 0xC3A9 would be interpreted as two characters ( Ã
and ©
).
But why do you use htmlentities
anyway? If you just want to escape the HTML special characters like &
, <
, >
, "
and '
htmlspecialchars
will suffice.
have you tried looking at htmlspecialchars() and htmlspecialchars_decode()
Josh
Seems like the usual PHP escaping functions do not work on utf-8 text. Maybe Handling UTF-8 in JavaScript, PHP, and Non-UTF8 Databases will help you. Another source about utf-8 and PHP is the PHP UTF-8 cheatsheet .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.