1

I'm trying to save the contents of a WYSIWYG input into an Oracle database. Here's what I'm using:

$data = htmlentities($_POST['data'], ENT_QUOTES, "UTF-8");

My expectation is that when I'm going to put John's as the value for the input, it will be saved on the database as John's, but instead it is being saved as John'.

To me it looks like a double HTML entity encoding issue.

Can you help me fix this?

Improve this question
6
  • i suspect it's oracle escaping characters, however, to make sure try to var_dump($data) (also, var_dump($_POST['data'])) and look for it's output to be sure. Commented Dec 3, 2015 at 19:41
  • Maybe the WYSIWYG is converting it once? Why do you need to encode 's to their entity, hopefully not to avoid SQL injections? Commented Dec 3, 2015 at 19:48
  • @chris85 What's the general practice in saving the contents of a WYSIWYG input? Commented Dec 3, 2015 at 19:51
  • It depends what the WYSIWYG is set up to send and how you are going to use that output later. Your user input shouldn't go directly into a SQL query though. Commented Dec 3, 2015 at 19:54
  • @chris85 I at least know that part that's why I'm using htmlentities. The only reason why I'm trying to escape ' is because on my query I use single quotes to denote strings. Commented Dec 3, 2015 at 19:57

1 Answer 1

Reset to default
0

Browsing through the documentation, I noticed that the last parameter is a boolean for double encoding.

$data = htmlentities($_POST['data'], ENT_QUOTES, "UTF-8", false);

did the trick.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.