On Tue, 17 Jul 2007 17:59:01 -0500 (CDT), "Richard Lynch" wrote:

> On Tue, July 17, 2007 2:03 pm, Nisse Engström wrote:
>> On Fri, 13 Jul 2007 01:24:09 -0500 (CDT), "Richard Lynch" wrote:
>>>
>>> htmlspecialchars ONLY escapes four characters: < > & "
>>>
>>> htmlentities escapes ALL characters that need it
>>
>> What characters other than the four (or five)
>> NEED escaping, and why?
>
> For example, some people occasionally find a need to write an o with
> an umlaut over it.

No way! :-)

> And sometimes they might type that right into a database form of some
> kind.
>
> And if that's being output, it needs to be converted to an HTML entity
> so it will actually show up as an o with an umlaut, instead of, say,
> capital A with a tilde followed by a paragraph symbol.
>
> Now, in some cases, if you are using UTF-8 (or UTF-16) and if the
> browser is supporting that, and if you've got the right headers and
> META tags, most modern browsers will do the right thing...

If you don't have the right headers and the right META
tags, you have bugs in your code. Are there any modern
browsers that don't support UTF-8 and the 8859-encodings?

> Or not, in the case of the reply window I'm typing into right now,
> which has turned your name into:
>
> Nisse Engström
>
> instead of:
> Nisse Engström
>
> There are actually SIMPLER characters involving only ASCII, but I

[I assume you meant the so-called "Extended ASCII".
 I can't see any issues with (7-bit) ASCII.]

> thought this particular example would drive the idea home better :-)

Not really. An o with an umlaut (which, by the way, is
not an umlaut at all in my language but a letter in its
own right) does not NEED escaping in the same way that
the special chars do.

> This script might help as well:
>
> <pre><?php
>   for ($o = 0; $o < 256; $o++){
>     echo "$o: '", htmlspecialchars($o), "' versus '",
> htmlentities($o), "'\n";
>   }
> ?></pre>

[Replace "($o)" with "(chr($o))"]

Both columns are the same unless I start mucking about
with the browser's character encoding. What exactly is
this supposed to prove? That you failed to provide a)
the page's character encoding, and b) a charset argument
to htmlentities()?

/Nisse
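
Added example, not part of the thread and not code from either poster: the same string escaped three ways, showing that with the charset declared and passed explicitly htmlspecialchars() leaves the ö intact, while htmlentities() given the wrong charset argument turns its two UTF-8 bytes into two separate entities. The sample string is constructed, and the file is assumed to be saved as UTF-8.

```php
<?php
// Added illustration. $name is a constructed sample; this file must be
// saved as UTF-8 so that the "ö" below is the two bytes 0xC3 0xB6.
declare(strict_types=1);

$name = "Nisse Engström <b>&\"'";

// Point a) from the reply: declare the page encoding so the browser
// decodes the bytes the same way the escaping function was told to.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}

$rows = [
    // Escapes only the markup-significant characters (< > & " and,
    // with ENT_QUOTES, '). The ö passes through untouched.
    'htmlspecialchars, UTF-8'  => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),

    // Same protection against markup injection; additionally rewrites
    // ö as a named entity, which only matters if the page encoding
    // cannot represent the character.
    'htmlentities, UTF-8'      => htmlentities($name, ENT_QUOTES, 'UTF-8'),

    // Point b) from the reply: a charset argument that does not match
    // the data. Each UTF-8 byte is treated as one ISO-8859-1 character
    // and gets its own entity, so the mojibake is baked into the output.
    'htmlentities, ISO-8859-1' => htmlentities($name, ENT_QUOTES, 'ISO-8859-1'),
];

// Print the raw escaped strings. When served over HTTP the browser
// renders the entities, so use "view source" to compare them.
foreach ($rows as $label => $escaped) {
    printf("%-26s %s\n", $label, $escaped);
}
```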