0

I have a form in which I want to enter elements that will later be assembled into HTML documents. What I am entering, and what I need to end up with, often includes things such as   é, —, and related elements. The editor went and converted those for me, exactly what I'm trying to avoid! What I typed as examples were the HTML codes for a non-breaking space (ampersand-n-b-s-p-semicolon), the letter e with an acute accent (ampersand-e-a-c-u-t-e-semicolon), and an em-dash (ampersand-m-d-a-s-h-semicolon).

I need to have those strings preserved. I want them saved in the database, which they are once, but when I resubmit the page with 20 or so fields on it, because I've made a change to some other field, then I end up with the code being rendered. But I don't want it rendered, I want it preserved so that the browser will render my final document correctly. After submitting it a second or third time, I invariably end up with garbage where my entities had been.

I've tried mysql_real_escape_string(), htmlentities(), htmlspecialcharacters(), even html_entity_decode(htmlentities()) and nothing works. I end up with various levels of nonsense.

I do not need the system to take an em-dash or an accented character and turn it into the entity, although that wouldn't hurt. I just want it to preserve the codes that I've put in.

How do I do this? (And why is it so much work?)

Van

Here's the form field:

<textarea name="qih_quote" cols="75" rows="5" wrap="soft"><?php echo $s['qih_quote'];?></textarea>

Here's the line in the submit script that reads that:

$qih_quote = $_POST['qih_quote'];

I've wrapped the $_POST variable in just about everything I can think of as mentioned above. All I want is for the exact string that I put in that textarea to be saved in the table, to be displayed in the textarea when I come back to it, and to be saved to the table again without any modifications at any time.

Improve this question
3
  • 2
    Form submission and the database shouldn't do anything special with entities. Use htmlentities() when echoing them back to the page to prevent them from being interpreted by the browser. I can't give a real answer, since you haven't posted any code to correct. Commented May 7, 2013 at 6:28
  • Can you show what you input, and where exactly it gets converted? Commented May 7, 2013 at 6:29
  • Here's the form field: - okay, that doesn't work because I can't hit <enter> in a comment. Commented May 7, 2013 at 19:53

3 Answers 3

Reset to default
1

Try to ensure you have the correct collation in the MySQL table you are saving the data in so that the special characters are preserved, such as utf8_general_ci, which should handle unicode.

Then try using htmlspecialchars() when saving the data into the database and htmlspecialchars_decode() when reading the data.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Relational databases were invented some decades before the World Wide Web. I can assure you that HTML doesn't cause any harm in SQL context.
1

Okay, the issue was in the form textarea and I needed to encode HTML entities there. This is the final solution:

<textarea name="qih_quote" cols="75" rows="5" wrap="soft"><?php echo htmlspecialchars ($s['qih_quote'], ENT_QUOTES);?></textarea>

Van

Improve this answer

Comments

0

I think anyone with this issue might want to have a look at html_entity_decode instead of htmlspecialchars. The former renders ALL html entities as strings, whereas the latter only works on a small subset, at least according to the documentation I read.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.