
Posting string encoded with htmlentities back to the server

I generate this in a view:

<form method="post">
       <input type="hidden" 
              name="test" 
              value="<?=htmlentities('<>"&ščé', ENT_QUOTES, 'UTF-8')?>">
       <input type="submit">
</form>

Now, should I do this when processing data from the form?

$decodedTest = html_entity_decode($_POST['test'], ENT_QUOTES, 'UTF-8');

I think that this should be all right:

$decodedTest = $_POST['test'];

But I have not found a reference to this.

EDIT: I had printed the posted value of test and I had seen that the value is not encoded. What I don't know is if I can rely on this behaviour and why. I am asking about the theory of operation. If I look into the raw post request, I can see that the post data is urlencoded (which is, I guess, a different type of encoding than htmlentities does). Does that mean that the client must perform some recoding before sending the request? Does the (client) browser store input values in encoded form or decoded form in memory before sending? (I already know that PHP automatically decodes urlencoded data in requests, so that part is fairly clear to me.)

You don't really need a reference because printing htmlspecialchars($_POST['test']) (or just setting Content-Type: text/plain) will immediately reveal that the data inside $_POST is not entity-encoded.

You also don't need to call htmlentities to encode the data in the view -- htmlspecialchars will suffice if your aim is to generate valid markup.
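The round trip asked about in the question, traced step by step as an added example (not part of the original question or answers). The function name roundTrip is hypothetical, and the sketch assumes that DOMDocument is an acceptable stand-in for the browser's HTML parser and parse_str for PHP's own decoding of the request body.

```php
<?php
// Added example (not from the original thread): follow one value through
// render -> browser parse -> form submit -> PHP request parsing.

function roundTrip(string $original): array
{
    // 1. View: escape once for the HTML attribute context.
    $attr = htmlspecialchars($original, ENT_QUOTES, 'UTF-8');
    $html = '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>'
          . '<body><form method="post"><input type="hidden" name="test" value="' . $attr . '"></form></body></html>';

    // 2. Browser: the HTML parser resolves entities, so the DOM holds the plain string.
    //    DOMDocument stands in for the browser's parser (assumption of this sketch).
    $dom = new DOMDocument();
    $dom->loadHTML($html);
    $inDom = $dom->getElementsByTagName('input')->item(0)->getAttribute('value');

    // 3. Browser: on submit the DOM value is percent-encoded into the request body.
    $body = 'test=' . urlencode($inDom);

    // 4. PHP: the urlencoded body is decoded into $_POST (parse_str models that step).
    parse_str($body, $post);

    return [
        'attribute'      => $attr,
        'request_body'   => $body,
        'received'       => $post['test'],
        'intact'         => $post['test'] === $original,
        // An extra decode on input alters any value that legitimately contains entity text.
        'double_decoded' => html_entity_decode($post['test'], ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample: the question's string plus a literal "&amp;" entered as data.
$sample = '<>"&ščé &amp;';
$result = roundTrip($sample);

var_dump($result['intact']);                     // did the value survive unchanged?
var_dump($result['double_decoded'] === $sample); // does an extra decode preserve it?
print_r($result);
```

The received value contains raw `<`, `>` and `"` again, so it has to be escaped with htmlspecialchars at the point where it is next written into HTML.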

Sending the form, you can do it. Better check
