Bug #8998 htmlspecialchars() DONT convert a string/array ONCE
Submitted: 2001-01-30 07:10 UTC Modified: 2001-03-20 05:37 UTC
From: lopez at pepe-lopez dot com Assigned:
Status: Closed Package: Strings related
PHP Version: 4.0.4pl1 OS: Debian/Linux
Private report: No CVE-ID: None

 [2001-01-30 07:10 UTC] lopez at pepe-lopez dot com
Please note:

$foo = "<a href="foo">..</a>";
$foo = htmlspecialchars($foo);

//now $foo is "&lt;a href="foo"&gt..&lt;/a&gt" 

$foo = "<a href="foo">..</a>";

//$foo is &lt;a href="foo"&gt..&lt;/a&gt; 
//although $foo is filled with a new value, $foo converts the string!


//sorry, my english is too poor to explain more

 [2001-01-30 07:12 UTC] lopez at pepe-lopez dot com
ReEdit...
Please note:

$foo = "<a href="foo">..</a>";
$foo = htmlspecialchars($foo);

//now $foo is "& lt;a href="foo"& gt;..& lt;/a& gt;" 

$foo = "<a href="foo">..</a>";

//$foo is & lt;a href="foo"& gt;..& lt;/a& gt; 
//although $foo is filled with a new value, $foo converts the string!

 [2001-01-30 10:39 UTC] zak@php.net
The code in your example does not work due to problems with your string quoting.

$foo = "<a href="foo">..</a>";
// This is not a valid string
// PHP generates a parse error after the 2nd quote


Try this code snippet and let me know if it works:

<pre>
<?php
$foo = '<a href="foo">..</a>'."\n";
$foo = htmlspecialchars($foo);

print $foo;
// Should output &lt;a href=&quot;foo&quot;&gt;..&lt;/a&gt;

$foo = '<a href="foo">..</a>'."\n";

print $foo;
// Should output <a href="foo">..</a>
?>

 [2001-03-20 05:37 UTC] stas@php.net
Works for me. Most probably syntax error on user's side.
 
Last updated: Sat Dec 21 17:01:58 2024 UTC