Bug #8998 htmlspecialchars() DONT convert a string/array ONCE
Submitted: 2001-01-30 07:10 UTC Modified: 2001-03-20 05:37 UTC
From: lopez at pepe-lopez dot com Assigned:
Status: Closed Package: Strings related
PHP Version: 4.0.4pl1 OS: Debian/Linux
Private report: No CVE-ID: None
 [2001-01-30 07:10 UTC] lopez at pepe-lopez dot com
Please note:

$foo = "<a href="foo">..</a>";
$foo = htmlspecialchars($foo);

//now $foo is "&lt;a href="foo"&gt..&lt;/a&gt" 

$foo = "<a href="foo">..</a>";

//$foo is &lt;a href="foo"&gt..&lt;/a&gt; 
//although $foo is filled with a new value, $foo converts the string!


//sorry, my English is too poor to explain more

 [2001-01-30 07:12 UTC] lopez at pepe-lopez dot com
ReEdit...
Please note:

$foo = "<a href="foo">..</a>";
$foo = htmlspecialchars($foo);

//now $foo is "& lt;a href="foo"& gt;..& lt;/a& gt;" 

$foo = "<a href="foo">..</a>";

//$foo is & lt;a href="foo"& gt;..& lt;/a& gt; 
//although $foo is filled with a new value, $foo converts the string!

 [2001-01-30 10:39 UTC] zak@php.net
The code in your example does not work due to problems with your string quoting.

$foo = "<a href="foo">..</a>";
// This is not a valid string
// PHP generates a parse error after the 2nd quote


Try this code snippet and let me know if it works:

<pre>
<?php
$foo = '<a href="foo">..</a>'."\n";
$foo = htmlspecialchars($foo);

print $foo;
// Should output &lt;a href=&quot;foo&quot;&gt;..&lt;/a&gt;

$foo = '<a href="foo">..</a>'."\n";

print $foo;
// Should output <a href="foo">..</a>
?>
</pre>

 [2001-03-20 05:37 UTC] stas@php.net
Works for me. Most probably syntax error on user's side.
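
The behaviour discussed in this thread, as an added example that is not part of the original report or of PHP's own code: htmlspecialchars() returns a new string and leaves its argument alone, and the example goes one step beyond the thread to show what a second escaping pass does. It assumes PHP 7.1 or later (the double_encode argument does not exist in 4.0.4pl1); the helpers e() and check() are hypothetical names and the sample strings are constructed.

```php
<?php
// Added example, not code from the bug thread. Assumes PHP 7.1 or later;
// the report above concerns 4.0.4pl1, which predates the double_encode argument.

// Hypothetical helper: escape a raw value at the point of HTML output.
function e(string $raw, bool $doubleEncode = true): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside
    // attribute values delimited by either quote character.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Hypothetical helper: stop with an error if an expectation does not hold.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("failed: $what");
    }
    echo "ok: $what\n";
}

// Single-quoted PHP string, so the inner double quotes do not end it early.
$foo = '<a href="foo">..</a>';

// 1. The function returns a new string; its argument is left untouched.
$escaped = e($foo);
check($foo === '<a href="foo">..</a>', 'raw value is unchanged');
check($escaped === '&lt;a href=&quot;foo&quot;&gt;..&lt;/a&gt;', 'escaped once');

// 2. Escaping an escaped value again encodes every ampersand a second time.
check(
    e($escaped) === '&amp;lt;a href=&amp;quot;foo&amp;quot;&amp;gt;..&amp;lt;/a&amp;gt;',
    'second pass double-encodes'
);

// 3. double_encode = false skips existing entities, so a second pass is a no-op ...
check(e($escaped, false) === $escaped, 'double_encode=false is idempotent');

// ... but it cannot tell an earlier escaping pass from entities typed as text.
$typed = 'Use &lt; for a less-than sign'; // constructed sample input
check(e($typed, false) === $typed, 'typed entity passes through and renders as <');
check(e($typed) === 'Use &amp;lt; for a less-than sign', 'default keeps the typed text');
```

Keeping the raw value in the variable and calling the escaping function exactly once, where the value is written into HTML, avoids both the double-encoded output in step 2 and the altered text in step 3.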
 
Last updated: Mon Dec 30 14:01:28 2024 UTC