Re: $_POST case sensitivity



Jeff wrote:
Jerry Stuckle wrote:
mike.coakley@xxxxxxxxx wrote:
Jerry,

I can appreciate your viewpoint. Maybe I did assume too much with my
reply. I was assuming that Bill would understand my intention with
first giving him the answer he was looking for (array_change_key_case)
and then expanding to fulfill a comment someone else made in the
posts, to me if you are iterating over the data received from a HTML
form you should only iterate once if possible and that is why I made
the natural "leap" to offer some filtering advice as well.

So... BILL - please understand that all you need to use is
array_change_key_case to resolve the issue you have requested within
this topic. However, off topic of course, you can use htmlentities to
encode/filter HTML form data received via the $_POST array to
effectively strip the user's input of HTML entities while still
retaining their display value. (Definitely read the linked docs in my
last reply.) You absolutely should understand what issues htmlentities
could cause your data input routines and ensure that all of those
involved understand how its filtering will affect your workflow.

Jerry - if you would, even off list - let me know the issues you have
had with htmlentities. I've used it for a while now and would like to
know what problems it can cause.

Thanks,

Mike


htmlentities() is not the correct function to use here. It is used to write strings which may contain html special characters (like '<' and '>', for instance) to an html page.

Say we have a textarea:

<textarea> $value </textarea>

What would be the proper processing needed for $value? I'm using htmlentities for my textfields and selects and I assume that is correct, but $value could contain html and I'm unsure what to do there as I don't want to turn <br> into &lt;br&gt; but I also don't want to break this if there is a textarea tag in $value.

Jeff


It is not meant to be used on input
data, and its use in that situation is incorrect.



Jeff,

Yes, you use htmlentities (or htmlspecialchars()), but you use it when you output your data, not when you get it in.

You want the input string as it stands so you can parse it as necessary. Once you're happy the string is valid, you use one or the other to display the data.

So for instance, if the user input

Visit web page at <a href="http://www.example.com">example.com</a>!

and you want to check for any html attributes, you can search the string for '<'. If you run the string through htmlentities() first, you have to look for '&lt;' - which is much less clear.

But to display it in a non-text area element, you would call htmlentities() to display it.

Also, if you were to store the string in a database, you would want to do it before calling htmlentities(). Again, call it just before displaying the string (in a non-text area element).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
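
An added example (not code from any poster in this thread) of keeping the input raw and escaping only at output, in PHP. `$raw` is constructed sample input standing in for a `$_POST` value and `e()` is a hypothetical helper name; the textarea case relies on the fact that browsers decode character references inside a textarea, so the user sees and resubmits the original text.

```php
<?php
// Constructed sample input standing in for $_POST['comment'].
// It contains a link, a <br>, and a closing textarea tag.
$raw = 'Visit <a href="http://www.example.com">example.com</a>!<br></textarea>';

// Hypothetical helper: escape a string for HTML text or attribute context.
// Called only when writing to the page, never when reading input.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Validate the raw string: a plain search for '<' works as expected.
$rawHasMarkup = strpos($raw, '<') !== false;

// 2. Store $raw unchanged (through a parameterised query, omitted here).

// 3. Escape at output. Inside the textarea the browser decodes the entities
//    again, so the user sees the original text, and the '</textarea>' in the
//    value cannot close the element early.
$paragraph = '<p>' . e($raw) . '</p>';
$textarea  = '<textarea name="comment">' . e($raw) . '</textarea>';

// What goes wrong when the value is escaped on input instead:
$escapedOnInput = e($raw);
// a) the same search no longer finds '<'; you would have to look for '&lt;'
$escapedHasMarkup = strpos($escapedOnInput, '<') !== false;
// b) escaping again at output double-encodes ('&lt;' becomes '&amp;lt;')
$doubleEncoded = e($escapedOnInput);

echo "raw contains '<':        ", var_export($rawHasMarkup, true), "\n";
echo "escaped-on-input has '<': ", var_export($escapedHasMarkup, true), "\n\n";
echo $paragraph, "\n", $textarea, "\n\n";
echo "double-encoded: ", $doubleEncoded, "\n";
```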
