4

I have a text area and I would like to take the input of the text area and merge it all together. Everything works fine except that it's escaping the quotes. For example test's is outputted as test/'s

To fix this I tried htmlenttries such as, 

<?php $inputtext= $_POST['textinput'];
        $encodetext = htmlentities($inputtext);
        $finaltext = html_entity_decode($encodetext);

        echo '<p>'.$finaltext .'</p>';  ?>

This should work according to the html_entity_decode manual (unless I read it wrong which could very likely be the case)

Improve this question
4
  • Do you get "test/'s" or "test\'s"? Also, the code you posted doesn't print escaped quotes. Commented Dec 25, 2009 at 10:20
  • 2
    Do you have magic quotes enabled by any chance? Commented Dec 25, 2009 at 10:22
  • What are you hoping to accomplish by calling htmlentities followed by html_entity_decode? They are the inverses of each other, so html_entity_decode(htmlentities($str)) == $str. Commented Dec 25, 2009 at 10:24
  • Jan raises a very good point. Dump the original data as well as the processed data to make sure the original is as you expect. Commented Dec 25, 2009 at 10:25

3 Answers 3

Reset to default
7

The solution is probably for you to strip slashes.

The slashes are automatically added when data comes from POST or GET. This is known as magic quotes and by default are enabled.

You can remove these slashes by using stripslashes()

<?php

$text = $_POST['txtarea']; // from textarea
if(get_magic_quotes_gpc()){
  $text = stripslashes($text);
  // strip off the slashes if they are magically added.
}
$text = htmlentities($text);
// what htmlentities here does is really to convert:
//   & to &amp;
//   " to &#039;
//  and change all < and > to &lt; and &gt; respectively. this will automatically disable html codes in the text.
echo '<pre>'.$text.'</pre>';

?>

See: http://php.net/manual/en/function.stripslashes.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

NB:, get_magic_quotes_gpc() always returns FALSE as of PHP 5.4.0 doc, so the code should read now if ( get_magic_quotes_gpc() || version_compare(PHP_VERSION, '5.4.0', '>') ) {.
2

You need to use $encodetext = htmlentities ($inputtext, ENT_QUOTES); which will not try to escape the single and double quotes. Look under flags here: htmlentities

Improve this answer

Comments

1

Make sure you aren't passing second parameters in your calls to htmlentities and html_entity_decode. If you do, they will escape/unescape quotes differently. Check the description of the $quote_style parameter in the documentation for htmlentities and html_entity_decode.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.