On Thu, July 12, 2007 12:37 pm, Don Don wrote: > Am kind of confused between htmlspecialchars and htmlentities. I've > got data i need to display data on a page containing e.g. " but > will like it to be displayed as " > > htmlspecialchars or htmlentities or page character set ? htmlspecialchars ONLY escapes four characters: < > & " htmlentities escapes ALL characters that need it I honestly can think of no valid use for htmlspecialchars, to tell you the truth... There must be some use for it, though. Put it this way: Whatever data you have, it probably shouldn't contain HTML if you are asking this question, so you probably should be using htmlentities to escape everything and be safe. If it DOES have HTML in it, and you want that HTML to get to the browser, I'm concerned that you don't understand just how dangerous that is... http://phpsec.org/ -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
