Re: br html line breaks and htmlentitities




pittendrigh wrote:
I have a home-rolled forum, written in php, based
on some old cgi code written by a guy named David Turely.
Works just fine.

However, when reading user-supplied input I use 'addslashes'
to clean the possibly tainted data.

On subsequent displays the user-supplied data comes
off the file system, so I do a stripslashes and then
an addslashes (prevents single quotes from multiplying
in quoted parts of the threads).

However, this does put one annoying slash before single
quotes in the text, which looks ugly in the output.

If I use htmlentities on the data instead of addslashes,
everything looks fine, except for incoming newlines,
which don't translate into real <br/> tags,
so the text all runs together as one long sentence.

If anybody understands what I'm gibbering about,
maybe they also have a solution:

How do I scrub user-supplied input so it is safe to
display, and so single quotes are not visually escaped,
and so real <br/> tags appear at the end of each line?

Seems to me like regular expressions allowing real html
for <br/> tags *only* has to be part of the deal. But I
don't know how to handle the ugly, visually escaped
single quotes.


You can use nl2br() for changing newlines to <br/> (actually, I think
nl2br() *may* respect the current DTD, but don't quote me on that).

You can use htmlentities to sanitize the data.

The additional slash may be coming from the "magic quotes" options of
PHP.
See http://us2.php.net/manual/en/security.magicquotes.php for more
information. Make sure it is turned off because it causes headaches
like the ones you describe.

What may have happened by now is that you've been running with magic
quotes enabled, so a portion of your data contains a literal \'. If
that's the case, you'll have to identify those records and fix them
manually since it's not a display bug, it's a problem with the data.
Very annoying, I know. A simple find/replace for \' should be able to
fix it, more or less.
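As an added example (not code from the thread or from either poster), this is the display path the reply describes, htmlentities first and nl2br second, plus a one-time repair for records that still carry the literal \' that magic quotes left behind. It assumes PHP 5.4 or later and that magic quotes are already turned off.

```php
<?php
// Added example, not part of the original thread. Assumes PHP >= 5.4
// (ENT_HTML5 flag) and that magic_quotes_gpc is off, as the reply advises.

/**
 * Make raw user text safe to embed in HTML while keeping line breaks.
 * Order matters: escape first, then add <br /> tags, so the tags that
 * nl2br() inserts are the only markup left in the output.
 */
function render_user_text(string $raw): string
{
    // Escape & < > " and ' so the browser displays them literally.
    // No addslashes() here: backslash escaping is for SQL and PHP
    // string literals, not HTML, and it is the source of the visible \'.
    $escaped = htmlentities($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Turn \n, \r\n and \r into "<br />" followed by the original newline,
    // which is what the poster wanted at the end of each line.
    return nl2br($escaped);
}

/**
 * One-off repair for text that was stored while magic quotes were on.
 * stripslashes() undoes exactly the escaping addslashes()/magic quotes
 * applied (a backslash before ' " \ and NUL). Run it once per affected
 * record, not on every display, or legitimate backslashes get eaten.
 */
function repair_magic_quoted(string $stored): string
{
    // Only touch records that show the signature of a single escaping
    // pass: a backslash directly before a quote or another backslash.
    if (preg_match('/\\\\[\'"\\\\]/', $stored)) {
        return stripslashes($stored);
    }
    return $stored;
}

// Constructed sample input, the kind of text a forum user might post.
$post = "It's <script>alert(1)</script> not bold\nSecond line, \"quoted\"";
echo render_user_text($post), "\n";

// Constructed sample of a record saved under magic quotes, then displayed.
$stored = "Don\\'t multiply my quotes, path C:\\\\temp stays intact";
echo render_user_text(repair_magic_quoted($stored)), "\n";
```

The repair helper is for cleaning stored data once; the display helper is what every page render should call on the raw, unescaped text.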
