I'm trying to push all blog posts through htmlspecialchars
to ensure all characters are displayed correctly.
However once being processed (they are called when pulling data from the database, not when pushing) they aren't displaying as characters!
Just their respetive codes appear.
Here is how I'm fetching the data:
<?php
while($result = mysql_fetch_array( $results )
{
echo "
<div class=\"post\"><article>
<a href=\"//blog.jacoblukewood.com/p/" . $result['id'] . "\"><h3 class=\"posttitle\">" . htmlspecialchars($result['title']) . "</h3></a>
<div class=\"postcontent\">
<p>";
if (strlen($result['content']) > 300)
{
echo nl2br(htmlspecialchars(substr($result['content'],0,300))) . "… " . "<a href=\"//blog.jacoblukewood.com/p/" . $result['id'] . "\">Continue Reading</a>";
}
else
{
echo nl2br(htmlspecialchars(substr($result['content'],0,300)));
}
echo "</p>
</div>
</article>
<div class=\"poststats\">
<a href=\"//blog.jacoblukewood.com/p/" . $result['id'] . "#disqus_thread\"></a><a> • By " . $result['poster'] . " • On " . htmlspecialchars(substr($result['timestamp'],0,10)) . " • </a><a href=\"//blog.jacoblukewood.com/t/" . $result['topic'] . "\">" . htmlspecialchars($result['topic']) . "</a><br /></div>
</div>";
}
?>
And it's displaying like this:
Yay it's working!!
Everything seems good, comments, url's, random colours etc!
My website is jacoblukewood.com
Also, should I be using htmlspecialchars before pushing it to the database?