
How to set the ENT_QUOTES flag by default for the htmlentities() function in PHP

I am using htmlentities($data, ENT_QUOTES) on any data fetched from database before displaying it.

Is there a way I can set the flag ENT_QUOTES by default for the htmlentities() function, so that even if I write htmlentities($data) it works as htmlentities($data, ENT_QUOTES)?

As written in the PHP documentation, the default is ENT_COMPAT | ENT_HTML401.

For your information, I am using the CodeIgniter framework, PHP 5.

UPDATE 1: Wrapping with a custom function as suggested by Michael could help, but I have already used this everywhere in the website without the ENT_QUOTES flag and was wondering if there is a way provided by PHP to change defaults for its functions.

UPDATE 2: I think the html_escape() built-in function provided by CodeIgniter (suggested by Wesley) is the best for me, so that I don't have to write my own wrapper function.

There's no way to change the default flags that I know of, but the advice given to you in the comments is absolutely the best way to approach this anyways: use a wrapper function.

Conveniently, Codeigniter has one built in already, appropriately named:

echo html_escape($string);

You can pass in arrays as well, here's what it does:

/**
* Returns HTML escaped variable
*
* @access   public
* @param    mixed
* @return   mixed
*/
if ( ! function_exists('html_escape'))
{
    function html_escape($var)
    {
        if (is_array($var))
        {
            return array_map('html_escape', $var);
        }
        else
        {
            return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
        }
    }
}

Just do a search for htmlentities in your project and replace (carefully) with html_escape. This will also provide the opportunity for you to easily make changes in the future because you can alter the function. It's a little bit of an initial time investment but well worth it.
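The difference the question is about, as an added example that is not part of the original answers and is not CodeIgniter's code: it passes ENT_COMPAT and ENT_QUOTES explicitly and prints both results for a value containing a single quote, then applies a wrapper to a nested array. The name esc(), the UTF-8 charset and the sample row are assumptions made for illustration.

```php
<?php
// Added example. esc() is a hypothetical wrapper name; UTF-8 is an assumed
// charset (CodeIgniter's html_escape() reads it from config_item('charset')).

/**
 * Escape a string, or every string inside a nested array, for use in HTML
 * text and in quoted attribute values. Other types are returned unchanged.
 */
function esc($var, $charset = 'UTF-8')
{
    if (is_array($var)) {
        $out = array();
        foreach ($var as $key => $value) {
            $out[$key] = esc($value, $charset); // keys are kept, values escaped
        }
        return $out;
    }
    if (!is_string($var)) {
        return $var; // integers, null, booleans need no escaping
    }
    return htmlspecialchars($var, ENT_QUOTES, $charset);
}

// Constructed sample row standing in for data fetched from the database.
$row = array(
    'name' => "Tom's <b>\"shop\"</b>",
    'tags' => array("it's", 'a & b'),
    'id'   => 42,
);

// Flags are passed explicitly so the result does not depend on the PHP
// version: ENT_COMPAT was the default before PHP 8.1.
$compat = htmlspecialchars($row['name'], ENT_COMPAT, 'UTF-8');
$quotes = esc($row['name']);

echo "ENT_COMPAT: ", $compat, "\n"; // single quote is left as-is
echo "ENT_QUOTES: ", $quotes, "\n"; // single quote is encoded as an entity

// Inside a single-quoted attribute, only the ENT_QUOTES form cannot
// terminate the attribute value early.
echo "<input value='", $quotes, "'>\n";

// Nested arrays are escaped recursively; the integer id passes through.
print_r(esc($row));
```

Since PHP 8.1 the built-in default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, but passing the flags explicitly inside one wrapper keeps the output identical across versions.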

If you are accessing the variable directly, for example: $this->model_name->variable;

Then you can use the __get function in the model and process the value before it is accessed from the object. http://www.php.net/manual/en/language.oop5.overloading.php#object.get
