Question

I am trying to do some htmlentities. However, the hyperlinks are now broken due to them being converted to the HTML codes. I want to do this as, for some stupid reason, the university has given us all the same password for the servers.

Last year I almost failed as someone went onto my server and filled it with JavaScript and CSS hacks, so this will prevent it. However, it's not much use if the hyperlink won't work, so how do I prevent this? Here's the code I have so far for this specific area:

$sub = substr($row['content'],0,300).'.......... <a href="blogpost.php?id='.$row['id'].'">See full article</a>';
echo htmlentities($sub,ENT_QUOTES,"UTF-8");

If anyone can help, it's much appreciated, thanks.

Solution 2

Don't apply htmlentities over the whole link, but on the values you actually want to escape, like this:

$sub = htmlentities(substr($row['content'],0,300), ENT_QUOTES, 'UTF-8') . '.......... <a href="blogpost.php?id=' . htmlentities($row['id'], ENT_QUOTES,'UTF-8') .'">See full article</a>';
echo $sub;

Other suggestions

I think you're applying htmlentities() on too much of your output. Just do it like this:

<?php echo htmlentities(substr($row['content'],0,300)).
           '&hellip;<a href="blogpost.php?id='.htmlentities($row['id']).'">See full article</a>'; ?>
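
An added example, not from the question or either answer, that applies the same per-value escaping as a reusable function. The names `e()` and `render_teaser()` are hypothetical, the sample rows are constructed, and the mbstring extension is assumed. It cuts the excerpt with `mb_substr()` because `substr()` can split a multibyte character, and `htmlentities()` returns an empty string on invalid UTF-8 unless `ENT_SUBSTITUTE` is set.

```php
<?php
declare(strict_types=1);

// Escape one value for HTML text or a quoted attribute (hypothetical helper).
// ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the teaser: the markup is ours, every database value is escaped.
function render_teaser(array $row, int $limit = 300): string
{
    $content = (string) $row['content'];

    // Cut on characters, not bytes, so a multibyte character is never split.
    $excerpt  = mb_substr($content, 0, $limit, 'UTF-8');
    $ellipsis = mb_strlen($content, 'UTF-8') > $limit ? '&hellip; ' : ' ';

    // Two contexts for the id: URL-encode it for the query string,
    // then HTML-escape the finished URL for the href attribute.
    $url = 'blogpost.php?' . http_build_query(['id' => (string) $row['id']]);

    return e($excerpt) . $ellipsis
         . '<a href="' . e($url) . '">See full article</a>';
}

// Constructed sample rows: markup in the content, and an id that is not
// the integer the page expects.
$rows = [
    ['id' => 7, 'content' => 'Café notes <script>alert(1)</script> & more'],
    ['id' => '7"><b>x', 'content' => str_repeat('é', 400)],
];

foreach ($rows as $row) {
    echo render_teaser($row), "\n";
}
```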
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow