开发者

htmlentities destroys utf-8 strings

I got something weird happening here and I can't understand why, on my php 5.2.5 server (Just on Linux ,Windows php servers doesn't have same problem) When I use a POST Form to post the content on an input containing "é" and on the other side I

echo(htmlentities($_POST["myinput"])) 

it echos é

But if I echo my

$_POST["myinput"] 

simply it shows "é", so this mean my htmlentities doesn't use UTF-8 by default, where can I change the Charset used by htmlentities?

I tried changin开发者_如何学编程g it in my php.ini default_charset = "UTF-8", but it won't work either?


htmlspecialchars($str, ENT_QUOTES, "UTF-8")

This is also better at preventing xss than just htmlentities()


In version 5.4.0 the default value for the encoding parameter was changed to UTF-8.

Source: Manual


The only way to change htmlentities()'s encoding is specifying it in its third parameter.

There is no way to change the default encoding. Prior to PHP 5.4 It is always iso-8859-1.

This was changed in PHP 5.4 however and is now always utf-8


From php manual : htmlentities() takes an optional third argument encoding which defines encoding used in conversion. From PHP 5.6.0, default_charset value is used as default. From PHP 5.4.0, UTF-8 is the default. PHP prior to 5.4.0, ISO-8859-1 is used as the default. Although this argument is technically optional, you are highly encouraged to specify the correct value for your code.


And if you don't want to worry about so many different charset codings or if htmlentities doesn't work for you, here the alternative: I used mysqli DB connection (and PHPV5) Form post for writing/inserting to MySQl DB.

$Notes = $_POST['Notes']; //can be text input or textarea.

$charset = mysqli_character_set_name($link);  //mysqli connection
printf ("To check your character set but not necessary %s\n",$charset);  

$Notes = str_replace('"', '"', $Notes);  //double quotes for mailto: emails.  
$von = array("ä","ö","ü","ß","Ä","Ö","Ü"," ","é");  //to correct double whitepaces as well
$zu  = array("ä","ö","ü","ß","Ä","Ö","Ü"," ","é");  
$Notes = str_replace($von, $zu, $Notes);  
echo " Notes:".$Notes."<br>" ;  
$Notes = mysqli_real_escape_string($link, $Notes); //for mysqli DB connection.
// Escapes special characters in a string for use in an SQL statement

echo " Notes:".$Notes ;  //ready for inserting
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜