Jump to content

Search the Community

Showing results for tags 'htmlentities'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • W3Schools
    • General
    • Suggestions
    • Critiques
  • HTML Forums
    • HTML/XHTML
    • CSS
  • Browser Scripting
    • JavaScript
    • VBScript
  • Server Scripting
    • Web Servers
    • Version Control
    • SQL
    • ASP
    • PHP
    • .NET
    • ColdFusion
    • Java/JSP/J2EE
    • CGI
  • XML Forums
    • XML
    • XSLT/XSL-FO
    • Schema
    • Web Services
  • Multimedia
    • Multimedia
    • FLASH

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Languages

Found 2 results

  1. hi everyone, i am basically new to this forum so i didn't really know where to post this question, basically what happened i made a site. on this site is a particular commenting system where i used php ajax on the jquery way, my teacher saw my website and wanted to test something so he left a comment with <b>exampe</b> and his comment turned out to be bold text. to me and the safety of my site it is a dangerous thing as peope are required to leave their email in the form (not shown in actual comment but saved in the db) he also said that with his knowlege he could use <script>alert(document.cookie)</script> to make me use his cookie to log in to phpmyadmin, esentially granting him acces to all my databases. now is my question "how can i use htmlentities() on ajax?" he suggested "$comment = htmlentities( $_POST['comment'] );"but since all of my fields are written like this: $commentId = isset($_POST['comment_id']) ? $_POST['comment_id'] : ""; $comment = isset($_POST['comment']) ? $_POST['comment'] : ""; $commentSenderName = isset($_POST['name']) ? $_POST['name'] : ""; $date = date('Y-m-d H:i:s'); there is no way i can figure out where to put it... these are my php files, take a loo if you wish, but i removed my db.php database password and replaced my database name in the form (for security reasons) (you may lso see comments.php as index.php since i already had index so i renamed it to something else comment-add.php comment-list.php comments.php comment-add.php comment-list.php comments.php db.php
  2. Hi everyone. Anyone noticed that htmlentities() aren't working in php? Nor are htmlspecialcharacters. See: https://www.w3schools.com/php/phptryit.asp?filename=tryphp_func_string_htmlentities Any ideas?? I have also written a quick and dirty test routine which I have run on my server: <?php if(isset($_POST['char'])) { $char = $_POST['char']; $char2 = htmlspecialchars($char); $char3 = htmlentities($char); echo 'Teclado: ' . $char . '<br /><br />'; echo 'Repuesta 1: ' . $char2 . '<br /><br />'; echo 'Repuesta 2: ' . $char3; } echo '<form action = "char_test.php" method = "post"> <input type = "text" name = "char" size = "6"> <input type = "submit" name = "submit" value = "Search!" /> </form>'; It runs but doesn't return any ASCII entities. HELP!! Max
×
×
  • Create New...