PHP strip_tags plus htmlspecialchars

https://stackoverflow.com/questions/21816799

mysql
htmlspecialchars
strip-tags

12-10-2022
|

Pergunta

Whenever I input into database I use the strip_tags function and whenever I output information I use htmlspecialchars. That said, if I introduce into database something like:

Hello, Mr. John. "Come on.."

The output is:

Hello, Mr. John. \"Come on..\"

How can I avoid this?

Solução

When using htmlspecialchars on your output, the result you get is \"Come on..\" unless ENT_NOQUOTES is set.

To get the original string Hello, Mr. John. "Come on.." you have to

$result = htmlspecialchars_decode( stripslashes($raw) );

or $result = htmlspecialchars(stripslashes($raw), ENT_NOQUOTES); when you're calling htmlspecialchars

Licenciado em: CC-BY-SA com atribuição

Não afiliado a StackOverflow