I've been at this for hours and can't seem to get anywhere.
I'm using XAMPP
for Apache 2.0
, PHP 5.5
, Chrome
and using Netbeans
for my editor.
I have an input text box which I want to validate before I use it to search a MYSQL
database. I use POST to get the input.
The input I'm using is "x/65!!!"how to
$searchtext = $_POST['searchbox'];
echo "<br />" . htmlspecialchars($searchtext);
echo "<br />htmlentitites: " . $searchtext;
echo "<br />strip slashes : " . stripslashes($searchtext);
echo "<br />internal encoding is: " . mb_internal_encoding();
and my result is:
for htmlspecialchars -> "x/65!!!"how to<b> //why isn't the <b> removed?
for htmlentities -> "x/65!!!"how to //shouldn't the forward slash be stripped out?
for stripslashes -> "x/65!!!"how to //shouldn't the '/' be stripped out?
for mb_internal_encoding-> ISO-8859-1 //My php.ini has UTF-8 as the default, I have meta content-type charset="UTF=8" and I though php 5.5 defaulted to UTF8
I'm copying from the PHP manual but I'm not getting their results. I suspect it's charset related but I'm not sure where to look anymore.
****Comments********
Jeff,
I changed the spelling of entities and used this string: <b>"'This \!'": /I
This is what I get with htmlspecialchars: "'This !'": /I and yes, everything is bold. All of my output is bold and I do not get any of
the escape chars showing: ""<>
Funny thing is though when I echo $_POST['searchbox']; It comes up without the but in bold nevertheless.
My mb_internal_encoding() is ISO-8859-1 even though on the beginning of the page I have a meta statement setting it to UTF-8 and for PHP I made the default UTF-8 by removing the semicolon.
I'm beginning to think my PHP interpreter is broken. I'll have to look at XAMPP to see what their recent version is.