htmlspecialchars and json encode problem#1
I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.

I have been performing json_encode and htmlspecialchars on the row in the php like so:

$html = htmlentities(json_encode($row2['ARTICLE_DESC']));

and calling my makewindows function, which simply takes the html as a parameter and uses it with document.write like so:

  <p><a href='#' onclick=\"makewindows('".$html."'); return false;\">Click for full description </a></p>

This works ok, as in some html code is produced, such as the following:


The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is

missing ) after argument list

However the html is outside of my control.

From what I have read, I am taking the correct steps. If I am missing something out, what is it?

My full make windows function:

function makewindows(html){
child1 = window.open ("about:blank");

posted date: 2008-12-17 02:15:00

Re: htmlspecialchars and json encode problem#2
I had made out the solution of this problem. Click to view my topic...

Hope that helps.

posted date: 2008-12-17 02:15:01

Re: htmlspecialchars and json encode problem#3
You shouldn't have the single quotes in the function call. It should look like this:

<p><a href='#' onclick=\"makewindows(" . $html . "); return false;\">Click for full description </a></p>

Then the output will look like

<p><a href='#' onclick="makewindows(&quot;.....&quot;); return false;">Click for full description </a></p>

which is correct.

posted date: 2008-12-17 02:26:00

Re: htmlspecialchars and json encode problem#4
Try it the following way:

$html = htmlentities(json_encode($row2['ARTICLE_DESC']),ENT_QUOTES);

I think the single quotation marks are not escaped by default. Nevertheless, I recommend saving the html in a JavaScript variable before opening the window.

posted date: 2008-12-17 02:27:00
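The two decoding layers behind replies #3 and #4, as an added example that is not part of the original thread: an inline onclick value is first entity-decoded by the HTML parser and only then compiled as JavaScript, so a quote escaped for HTML is a live quote again by the time the script parser sees it. `JSON.stringify` and `escapeAttr` are stand-ins assumed here for PHP's `json_encode` and `htmlentities(..., ENT_QUOTES)`; `decodeAttr`, `buildOnclick`, `runHandler` and the sample string are hypothetical names and data constructed for this sketch.

```javascript
// Added example. JSON.stringify stands in for PHP's json_encode and escapeAttr
// for htmlentities/htmlspecialchars with ENT_QUOTES (assumptions of this sketch).
const ENT = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#039': "'" };

function escapeAttr(s) {
  return s.replace(/[&<>"']/g, c => ENT[c]);
}

// Layer 1: the browser decodes entities in the attribute value first.
function decodeAttr(s) {
  return s.replace(/&(amp|lt|gt|quot|#039);/g, (m, name) => DEC[name]);
}

// Builds the onclick value; quoted=true is the form from the question,
// quoted=false the form from reply #3.
function buildOnclick(html, quoted) {
  const arg = escapeAttr(JSON.stringify(html));
  return quoted ? `makewindows('${arg}'); return false;`
                : `makewindows(${arg}); return false;`;
}

// Layer 2: the decoded text is compiled as the handler body. Returns what
// makewindows would receive, or the name of the error the parser raises.
function runHandler(attrValue) {
  let received;
  try {
    new Function('makewindows', decodeAttr(attrValue))(v => { received = v; });
  } catch (e) {
    return { ok: false, error: e.name };
  }
  return { ok: true, received };
}

// Constructed sample standing in for the ARTICLE_DESC field.
const SAMPLE = `<p class="x">It's "bad" &amp; <b>unclosed</p>`;

console.log(buildOnclick(SAMPLE, false));
console.log(runHandler(buildOnclick(SAMPLE, true)));   // parse fails at the apostrophe
console.log(runHandler(buildOnclick(SAMPLE, false)));  // string arrives unchanged
```

Escaping at both layers only delivers the stored string intact; it does not strip or sanitize markup, so document.write renders whatever HTML the field contains.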

Re: htmlspecialchars and json encode problem#5
htmlentities and htmlspecialcharacters were extremely frustrating when I wrote PHP and had to write my own custom parser to resolve (or strip) special characters. Can you set up your database tables to only allow a certain charset or validate the data before insert?

posted date: 2011-01-04 02:09:00

