php,html-entities,htmlspecialchars
It is working. You are outputting Bob&#039;s House (or similar). But since you're in a browser, it sees the &#039; and replaces it with '. Want proof? Right-click and View Source. More proof? echo strlen($test) . " -- " . strlen(htmlentities($test,ENT_QUOTES));...
php,arrays,loops,htmlspecialchars
You can use the array_walk_recursive() function - http://php.net/manual/en/function.array-walk-recursive.php array_walk_recursive($view['data'], function(&$item) { $item = htmlspecialchars($item); }); ...
php,xml,htmlspecialchars,xml-entities
Try this: html_entity_decode("your_string") ...
php,security,mysqli,xss,htmlspecialchars
I am using filter_input() to filter any data that comes from user before inserting into database. This is a bad practice. Do not mangle your data before you insert it into a database. It's 2015; don't sanitize, use prepared statements instead. $db = new \PDO( 'mysql:host=localhost;dbname=mydatabase;charset=utf8mb4', $username, $password );...
php,mysql,string,special-characters,htmlspecialchars
There is nothing special about the & character in a string in php. The only way you can get the result you get (everything after the & is not stored...), is when you send the data to your php script and you are building the data string manually without encoding...
If you want the browser to display the special characters you should write something like this: <?php $test = htmlspecialchars(str_replace(array("'", "\""), "", htmlspecialchars("<a>w3s.com</a>"))); echo $test; ?> Output: <a>w3s.com</a> This way you escape the special characters in order to let the browser draw them. If you want to see HTML entities...
You can look at the page source and you will see that the value is ' " / /n /t <> It is ok to use it in your case. Already answered here: How to properly escape html form input default values in php?...
php,html,htmlspecialchars,addslashes
addslashes is irrelevant to XSS (and there is almost always something better in places where it is actually useful). htmlspecialchars is not an unsafe approach. It is just insufficient by itself. htmlspecialchars will protect you if you put the content as the body of a "safe" element. It will protect...
angularjs,cordova,special-characters,ionic,htmlspecialchars
I solved it myself. I changed the file encodings in IntelliJ (setting -> editor -> file encodings).
javascript,jquery,html,textarea,htmlspecialchars
To check you can create an element in the DOM, inject the comment into it and use [element].getElementsByTagName('*') to check for any html element. If its length is not 0, there are html elements in the comment. Something like: document.querySelector('#check').addEventListener('click', doCheck); function doCheck(e) { var chkEl = document.createElement('div'), isok, report,...
You can specify a third parameter to htmlspecialchars() which changes the character set. This works, for example: echo htmlspecialchars('Peter Mørk',null,'ISO-8859-1'); ...
javascript,replace,htmlspecialchars
Simply change your updateCurrency function for this simpler one and you'll see that € and £ are replaced (when switching between currencies): function updateCurrency(elem){ if(elem.value === 'sterling'){ var newCurrency = '£'; var oldCurrency = '€'; } else { var newCurrency = '€'; var oldCurrency = '£'; } var maxValue =...