
When Not To Use htmlentities(), htmlspecialchars(), urlencode(), intval()?

Folks,

It seems the guys at StackOverflow can't make up their minds and are fighting over who is right and who is wrong, and so I will stick to this forum instead.
https://stackoverflow.com/questions/46483/htmlentities-vs-htmlspecialchars/3614344
One of them talked about this function, but I ain't bothered about it now, though I may be in future. Do check it out:
https://www.php.net/manual/en/function.get-html-translation-table.php

When to use htmlentities() and when to use htmlspecialchars()? That's the big question.
The former turns all chars into entities and the latter turns certain limited chars. That is what I know. But looking at the argument at StackOverflow, it seems this is not always the case. In fact, the opposite, according to them.

What's your input?
I'm going to be echoing links that contain params from the URL ($_GET). Params that are sometimes based on the programmer's default settings/programming and params that are user inputs on web forms. Hence, looking into these two functions all over again. Gonna look into urlencode() again too.
I just keep forgetting these 2 confusing functions. There should have been one instead of 3.
And sometimes some say use intval() while others say urlencode() is enough. Again confusing!
Hence, looking into urlencode() and intval() again.

PHP

5 Comment(s)

@developer_web (author), Apr 26, 2021 — @Sempervivum

We are spoilt for choice when to use htmlentities() and htmlspecialchars(), as we won't always be dealing with one same value. For example, we might be outputting on the page different values of $var each time from our MySQL db, or outputting on our page different values of $var (the value that the user just submitted on our web form).

In short, we don't know what the value of $var will be, and so we don't know whether to use htmlentities() or htmlspecialchars().

For our learning purposes, is there any chance you can write two lines of code (a custom function) that checks the $var value to see whether it has chars for which it is best to use htmlentities() over htmlspecialchars(), or best to use htmlspecialchars() over htmlentities()? And then our custom function can use the appropriate function out of the two built-in functions (htmlentities()/htmlspecialchars()). That way, we don't use the wrong built-in function, out of the two, unnecessarily.

What do you say?

Have you ever tried building something like this?

Anyone else is welcome to give this custom function building a go. I'm still at beginner level, and so this is a bit over my head.
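The following is an added example, not code from the original post or from any of the replies, covering both the opening question (echoing links built from $_GET params) and the request above for a helper that picks between htmlentities() and htmlspecialchars(). The helper names e() and build_link(), the parameter names id, q and sort, and the sample request array are assumptions made for illustration. The point it shows is that the choice is not made per value at all: each output context gets one encoder, applied once at output time. A UTF-8 page never needs htmlentities(), because htmlspecialchars() already covers the five characters the HTML parser cares about, and the two functions differ only on non-ASCII characters that have a named entity.

```php
<?php
// Added example (not from the original thread): one encoder per output
// context for values taken from $_GET. Helper names, parameter names and
// the sample request below are constructed for illustration.

declare(strict_types=1);

/**
 * Escape a string for placement inside HTML text or a quoted attribute.
 * htmlspecialchars() encodes & < > " and '; on a UTF-8 page nothing else
 * needs encoding, so htmlentities() adds nothing here.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Build a relative link from a path and an array of query parameters.
 * http_build_query() percent-encodes every key and value urlencode()-style
 * for the URL context. The result is NOT yet HTML-safe: it must still pass
 * through e() when it is echoed into markup.
 */
function build_link(string $path, array $params): string
{
    return $path . '?' . http_build_query($params);
}

// Constructed sample request standing in for $_GET.
$get = [
    'id'   => '42abc',              // should be an integer
    'q'    => 'Tom & "Jerry" <3',   // free text typed into a web form
    'sort' => 'date',               // programmer-defined setting
];

// 1. Numeric parameter: validate rather than escape. intval('42abc') would
//    quietly return 42; filter_var() rejects the malformed value outright.
$id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    $id = 1; // fall back to a known-good default
}

// 2. Free-text parameter: keep it as raw text internally. Encoding happens
//    only at output, once per context. Encoding it here (or before storing
//    it in the database) leads to double-encoding later.
$q = (string) ($get['q'] ?? '');

// 3. Enumerated parameter: compare against an allow-list; no escaping needed.
$sort = in_array($get['sort'] ?? '', ['date', 'name'], true) ? $get['sort'] : 'date';

// URL context first (urlencode-style, via http_build_query), then HTML
// context for the whole href attribute and for the visible link text.
$href = build_link('/search.php', ['id' => $id, 'q' => $q, 'sort' => $sort]);
echo '<a href="' . e($href) . '">' . e($q) . '</a>', PHP_EOL;

// Where the two built-ins actually differ: only on non-ASCII characters
// that have a named entity. The markup characters are handled identically.
$sample = 'café <b>';
echo htmlspecialchars($sample, ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo htmlentities($sample, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Run with `php example.php`. The last two lines print the same escaped `<b>` in both cases; htmlentities() additionally turns the é into `&eacute;`, which a page served as UTF-8 has no need for. Note the ordering in the link: values are URL-encoded while the query string is assembled, and the finished URL is HTML-escaped once as it is written into the attribute. Doing it the other way round (htmlspecialchars() on the value first, then urlencode()) corrupts the parameter, and calling htmlentities() or htmlspecialchars() before saving a value to the database is the usual source of `&amp;amp;` showing up on a page.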
@developer_web (author), Apr 27, 2021 — @NogDog,

Care to chime in ?

Cheers!
@Sempervivum, Apr 27, 2021 — @developer_web#1630875

My knowledge regarding PHP and, in detail, this htmlentities, htmlspecialchars etc. stuff, is limited, therefore I'm not able to answer your questions.
@developer_web (author), May 03, 2021 — @inkt

Do you know more about PHP's htmlspecialchars() and htmlentities()?

https://www.webdeveloper.com/d/393900-when-not-to-use-htmentities-htmlspecialchars-urlencode-intval/2
@developer_web (author), May 18, 2021 — Folks,

If you're new to PHP then do check this out:

https://guides.codepath.com/websecurity/PHP-Encoding-for-HTML

https://guides.codepath.com/websecurity/PHP-Encoding-for-URLs