On Thu, July 12, 2007 6:08 pm, Dan wrote: > string htmlentities ( string $string [, int $quote_style [, string > $charset > [, bool $double_encode]]] ) > > This function is identical to htmlspecialchars() in all ways, except > with > htmlentities(), all characters which have HTML character entity > equivalents > are translated into these entities. > > This means that if there's an HTML equivelant it will translate into > that. > For example. ' and " don't have HTML equivelants, it is ', > anything > with a #number won't get translated. With htmlspecialchars it will. I think you've managed to confuse more than you've explained... " does have an HTML equivalent, it's " htmlspecialchars and htmlentities do the same thing to ", they turn it into " so it can be displayed as CONTENT in a webpage instead of possibly being mistaken for CODE. Both functions will also do exactly the same thing for < > & as well: Convert them to < > & respectively. htmlentities will ALSO convert every other goofy character into an HTML Equivalent, so it is safe to spew out to a browser, so the browser will know it's CONTENT and not CODE. htmlspecialchars will do NO conversion on anything but those special four chars, so is not save to apply unless you somehow magically "know" that the data contains no HTML-specific characters other than those four... IOW, htmlspecialchars is probably not real useful for general everyday PHP scripting, as it only escapes 4 our of a whole bunch of characters that need escapgin. htmlentities is irreplacable for general everyday PHP scripting, because it escapes all of them. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
