Then thing is that I have a string to play with AFTER form submission.. So if user enters something like this "Say hello to Alex & Özgür" to my PHP file this will be sent like "Say hello to Alex & Özgİr". You see there are 2 ampersands here, and only one should be removed - the one just after "Alex ". As you say I can use JavaScript on the Browser(Client) side, but it an option I don't want to use. I want everything to be done on Server side to be 100% assured that everything worked fine. One way to do this is maybe using regular expression, so that i.e. say "Do not remove ampersand if it is followeb by # sign, 3 letters and ; right aferwards, in any other cases just remove it"..what do you think? And what will the reg. expr. be in this case? Any other suggestions? Regards, Muhammed Mamedov ----- Original Message ----- From: "Neil Smth" <php@xxxxxxxxxxxxxxxxxxxxxxxx> To: <php-db-digest-help@xxxxxxxxxxxxx> Cc: <muhammed@xxxxxxxxxx> Sent: Friday, December 19, 2003 2:27 AM Subject: Re:Subject: DB, XML and & sign htmlspecialchars() will deal with the following special characters : < > & And so you might find these will be converted into XML entities intact, and prevernt these causing problems. As you pointed out though, users can also enter other values which will cause problems in an XML parser, for example UTF-16 values in a parser expecting UTF-8. I recommend if possible, that you check for XML support in the browser. Then, use 'loadXML' or equivalent from the form field, and place this value.xml in a hidden form field. That way, your users browser will convert any unsafe characters to XML equivalents (usually 〹 format). If XML support fails (use a javascript try.... catch block or set the XML form field to empty), set another form field so you can switch on htmlspecialchars() at the server if required. Cheers - Neil. At 17:33 18/12/2003 +0000, you wrote: >Message-ID: <01d201c3c587$219dc370$1800a8c0@mm> >From: "Muhammed Mamedov" <muhammed@xxxxxxxxxx> >To: <php-db@xxxxxxxxxxxxx> >Date: Thu, 18 Dec 2003 18:51:06 +0200 >MIME-Version: 1.0 >Content-Type: multipart/alternative; > boundary="----=_NextPart_000_01CF_01C3C597.E5096E80" >Subject: DB, XML and & sign > >Hello everyone, > >I read input from user, then via XML send it to DB. >thing is that when user enters "&" sign XML is no more well-formatted, >what causes error. >Does anyone has any suggestions on how to remove & sign from user input, >considering that data entered by users can be multilingual, that is "ö" >character is being converted to some unicode "ê" character which also >contains "&" sign, but this one doesn't cause any problem - any other user >entered "&" signs should be removed or should be translated to unicode & >"!". > >Your help will be appreciated. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
