Quick question about htmlspecialchars


Gyohdon

No. The first translates single quotes into their HTML entity, specifically '. addslashes puts an escape character (the backslash) before single quote, double quote, backslash and NUL.

The former is used to cause characters to appear as themselves, and not to have their usual meaning in HTML. This keeps a user from posting HTML and then your code accidentally adding unwanted HTML elements into another page. You would only use this function if you expect the encoded data to be presented as HTML in the future.

The latter causes characters in a string to be interpreted as themselves. One purpose of this is to keep a PHP string from terminating prematurely and causing an error. A NUL would also cause a string to terminate early, though maybe not with an error. In the case of the backslash, escaping it keeps the character from being understood as an escape character, and causing results that your user may not have intended. This function doesn't do much for HTML, but it can keep bad behavior from happening in your PHP runtime.


Archived

This topic is now archived and is closed to further replies.
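
The difference between the two functions described in the answer above, as an added example that is not part of the original thread. The input string is constructed, and the helper names for_html and for_quoted_string are hypothetical.

```php
<?php
// Added example, not code from the thread. Constructed input containing
// the characters the two functions treat differently: quotes, markup
// and a backslash.
$input = "O'Reilly said \"hi\" <b>bold</b> C:\\temp";

// Escape for an HTML context: &, <, >, " and ' become entities.
// (hypothetical helper name)
function for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape for a quoted-string context: ', ", \ and NUL get a backslash.
// (hypothetical helper name)
function for_quoted_string(string $s): string
{
    return addslashes($s);
}

$html    = for_html($input);
$slashed = for_quoted_string($input);

echo "input:            $input\n";
echo "htmlspecialchars: $html\n";
echo "addslashes:       $slashed\n";

// htmlspecialchars removes every literal '<', so the <b> tag is shown
// as text instead of becoming an element, but it leaves the backslash
// untouched.
var_dump(strpos($html, '<') === false);
var_dump(strpos($html, '\\') !== false);

// addslashes leaves the markup intact, so on its own it does nothing
// to stop user-supplied HTML from reaching the page.
var_dump(strpos($slashed, '<b>') !== false);

// Each encoding is reversed only by its own decoder.
var_dump(htmlspecialchars_decode($html, ENT_QUOTES) === $input);
var_dump(stripslashes($slashed) === $input);
```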
