1

So, I am trying to use htmlspecialchars() to protect my website but unfortunately I got stuck in this code:

<?php

function wrap_nome($firstname, $lastname)
{
    $join = htmlspecialchars($firstname, ENT_QUOTES) . ' ' . htmlspecialchars($lastname, ENT_QUOTES);
    if (mb_strlen($join) > 32)
    {
        $text = substr($join,0,32);
        return $text . " ...";
    }
    else
    {
        return $join;
    }
}

$nome = wrap_nome($firstname, $lastname);

echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . $nome . '</b></span>';

?>

Initially I thought that the problem might be the fact that the string $nome had double and single quotes. Then I removed them and found out that htmlspecialchars($lastname, ENT_QUOTES) continues to be echoed and htmlspecialchars($firstname, ENT_QUOTES) continues to give me an empty string!

If I do this:

echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . htmlspecialchars($nome, ENT_QUOTES) . '</b></span>';

... it won't output anything.

Any ideas of what is causing this?

2
  • Yes, both variables echo nicely anywhere in the page. Commented Aug 19, 2014 at 0:06
  • If I remove htmlspecialchars() everything works. Commented Aug 19, 2014 at 0:07

2 Answers

3

htmlspecialchars returns FALSE if it gets an error, which happens if $nome contains any characters that can't be represented in the specified character set. The character set defaults to ISO8859-1 before PHP 5.4, UTF-8 since then. Try using htmlspecialchars($nome, ENT_QUOTES, 'iso8859-1').

If that doesn't work, see the list of character sets in the documentation and use the appropriate one for your names.


8 Comments

What language is the name in?
Portuguese from Portugal
$nome = "F.á.b.i.o. .H.e.n.r.r.i.q.u.e."; from the database
What encoding is the DB using?
You were right, the problem was the "á" character!!! I just removed it and it worked. I just have to find the correct character set.
0

Simply replace

htmlspecialchars($str, ENT_QUOTES);

with

htmlentities($str, ENT_QUOTES, "UTF-8");

4 Comments

Why should the one function work if the other does not? And they are not the same!
It's not the function that matters, it's the UTF-8 argument.
I know, but this should be in the answer.
So I get a downvote for adding the third argument character set? :(
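
An added example (not code from any post on this page) of the charset behaviour both answers point at: on current PHP versions, htmlspecialchars() returns an empty string when the input is not valid in the declared charset and neither ENT_IGNORE nor ENT_SUBSTITUTE is set. The function name wrap_nome_utf8, its parameters and the ISO-8859-1 storage charset are assumptions; the sample name is constructed.

```php
<?php
// Added example. Requires the mbstring extension (the question's code already uses it).

// Constructed input: "Fábio" as ISO-8859-1 bytes. 0xE1 alone is not valid UTF-8.
$latin1 = "F\xE1bio";

// Charset mismatch with only ENT_QUOTES set: the whole result is an empty string.
$mismatch = htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8');

// Declaring the charset the bytes really use keeps the name intact.
$declared = htmlspecialchars($latin1, ENT_QUOTES, 'ISO-8859-1');

// ENT_SUBSTITUTE replaces invalid sequences with U+FFFD instead of dropping the string.
$substituted = htmlspecialchars($latin1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Hypothetical rewrite of wrap_nome(): normalise to UTF-8, truncate the raw text
// by characters, and escape last so no entity or multi-byte character is cut.
function wrap_nome_utf8(string $first, string $last, string $srcCharset = 'ISO-8859-1', int $max = 32): string
{
    $join = $first . ' ' . $last;
    if (!mb_check_encoding($join, 'UTF-8')) {
        // Assumption: anything that is not valid UTF-8 is stored in $srcCharset.
        $join = mb_convert_encoding($join, 'UTF-8', $srcCharset);
    }
    if (mb_strlen($join, 'UTF-8') > $max) {
        $join = mb_substr($join, 0, $max, 'UTF-8') . ' ...';
    }
    return htmlspecialchars($join, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Self-check of the three cases above, then the escaped, truncation-safe name.
var_dump($mismatch === '', $declared === $latin1, $substituted === "F\u{FFFD}bio");
echo wrap_nome_utf8($latin1, 'Henrique <script>'), "\n";
```

The page that echoes the result has to be served as UTF-8 for the converted name to render correctly.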
