One difficulty that a lot of web developers face is handling of html entities. If you are a beginner web developer you’ll probably notice that some text partially disappears from your edit controls from time to time. Well, the reason it disappears is that the text that the visitor typed into the control contained some character that conflicted with the html code that handled the display of the text.
Say you have this html code:
<input type="text" />
Now, if you try to dynamically load some text into the value part of the input using, say, a php variable, you’d write it like this:
echo "<input type="text" value="$text" />";
The variable $text gets replaced with real text before the html code gets to the browser. And what if it contains an apostrophe? For example, try this:
$text = "Chris' blog";
Well, you’ll never see the “blog” part, only “Chris”, because the html parser will expand it like this:
... value='Chris' blog' />...
So “value” will actually only contain “Chris”, and the rest will be ignored as some faulty html code.
The solution is to encode the html entities into their html-friendly representations using the PHP htmlentities() function. After encoding “Chris’ blog”, you’ll get:
Chris' blog
In other words, the apostrophe got replaced with ‘, which displays exactly the same in the browser, but won’t interfere with our html code.
Of course including the entire htmlentities() function in every input value is a bit messy, so we can make it simpler. Let’s create a function with a shorter name:
function v($string)
{
return htmlentities($string, ENT_QUOTES);
}
To use this function in real life, we’d write:
echo "<input type="text" />";
Simple, easy and clean.
