Web Technologies-I
Entity-quoting only HTML syntax characters
The htmlspecialchars( ) function converts the smallest set of entities possible to generate valid
HTML. The following entities are converted:
• Ampersands (&) are converted to &amp;
• Double quotes (") are converted to &quot;
• Single quotes (') are converted to &#039; (if ENT_QUOTES is on, as described for htmlentities( ))
• Less-than signs (<) are converted to &lt;
• Greater-than signs (>) are converted to &gt;
If you have an application that displays data that a user has entered in a form, you need to run
that data through htmlspecialchars( ) before displaying or saving it. If you do not, and the user
enters a string like "angle < 30" or "sturm & drang", the browser will think the special characters
are HTML, and you will have a garbled page.
Like htmlentities( ), htmlspecialchars( ) can take up to three arguments:
$output = htmlspecialchars(input, [quote_style, [charset]]);
The quote_style and charset arguments have the same meaning that they do for htmlentities( ).
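The effect of the quote_style argument on form data, as an added example that is not part of the original text; the helper h() and the sample field values are assumptions made for illustration:

```php
<?php
// Added example, not from the original text. $comment and $name stand in
// for submitted form fields; their values are constructed sample input.
$comment = 'angle < 30 and "sturm & drang"';
$name    = "O'Brien";

// Hypothetical helper: encode for HTML at output time. ENT_QUOTES converts
// both quote characters, so the result can be placed in element content and
// in single- or double-quoted attribute values. Passing the charset
// explicitly keeps the behaviour independent of the PHP version's default.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Run the same input through each quote style to compare what is converted.
$styles = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // neither quote character is converted
    'ENT_COMPAT'   => ENT_COMPAT,   // double quotes only
    'ENT_QUOTES'   => ENT_QUOTES,   // double and single quotes
];
foreach ($styles as $label => $flag) {
    $encoded = htmlspecialchars($name . ' wrote: ' . $comment, $flag, 'UTF-8');
    printf("%-12s %s\n", $label, $encoded);
}

// Element content and a single-quoted attribute value, both through h().
// With ENT_COMPAT the apostrophe in $name would end the attribute early.
echo '<p>', h($comment), "</p>\n";
echo "<input type='text' name='author' value='", h($name), "'>\n";

// Data that was encoded before being saved gets encoded a second time when
// it is encoded again on display. The fourth argument (double_encode) set to
// false leaves entities that are already present untouched.
$stored = h($comment);
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";        // encodes the & of each entity again
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false), "\n"; // keeps existing entities as they are
```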
There are no functions specifically for converting back from the entities to the original text,
because this is rarely needed. There is a relatively simple way to do this, though. Use the
get_html_translation_table( ) function to fetch the translation table used by either of these functions
in a given quote style. For example, to get the translation table that htmlentities( ) uses, do this:
$table = get_html_translation_table(HTML_ENTITIES);
To get the table for htmlspecialchars( ) in ENT_NOQUOTES mode, use:
$table = get_html_translation_table(HTML_SPECIALCHARS, ENT_NOQUOTES);
A nice trick is to use this translation table, flip it using array_flip( ), and feed it to strtr( ) to apply
it to a string, thereby effectively doing the reverse of htmlentities( ):
$str = htmlentities("Einstürzende Neubauten"); // now it is encoded
$table = get_html_translation_table(HTML_ENTITIES);
$rev_trans = array_flip($table);
echo strtr($str, $rev_trans); // back to normal: Einstürzende Neubauten
You can, of course, also fetch the translation table, add whatever other translations you want
to it, and then do the strtr( ). For example, if you wanted htmlentities( ) to also encode spaces to
&nbsp;s, you would do:
$table = get_html_translation_table(HTML_ENTITIES);
$table[' '] = '&nbsp;';
$encoded = strtr($original, $table);
Removing HTML Tags
The strip_tags( ) function removes HTML tags from a string:
$input = '<p>Howdy, "Cowboy"</p>';
$output = strip_tags($input); // $output is 'Howdy, "Cowboy"'
The function may take a second argument that specifies a string of tags to leave in the string. List
only the opening forms of the tags. The closing forms of tags listed in the second parameter are
also preserved:
$input = 'The <b>bold</b> tags will <i>stay</i><p>';
$output = strip_tags($input, '<b>'); // $output is 'The <b>bold</b> tags will stay'
LOVELY PROFESSIONAL UNIVERSITY