htmlentities - utf8

What's the difference between them when utf8 is supplied

         

Tommybs

8:32 pm on Mar 30, 2009 (gmt 0)

10+ Year Member



Hi,

Can anyone explain to me what the difference is in using utf8_encode and including utf8 in the htmlentities function?

I'm just looking into preventing XSS and I was reading about using the utf8_encode function, but then I noticed it can also be passed in to htmlentities as a parameter.

Many Thanks

coopster

7:50 pm on Apr 7, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



No, quite honestly I cannot, except that the latter was written specifically for converting entities that would otherwise be rendered as HTML code. There is indeed a difference though, as you will notice if you just test them by using each on a string containing characters that will be converted.
<pre>
<?php
// Test string containing newlines and the HTML metacharacters &, < and >
$some_string = "test\ntext&<>text\r\n";
// utf8_encode() output first, followed by a blank line
file_put_contents('utf8.txt', utf8_encode($some_string) . "\n\n");
// htmlentities() output appended to the same file for comparison
file_put_contents('utf8.txt', htmlentities($some_string, ENT_COMPAT, 'UTF-8'), FILE_APPEND);
?>
</pre>

I created "utf8.txt" as a file of type UTF8 charset encoding and the strings written to the file are different. You could merely print the values to the browser and "view source" to see the same thing I am seeing in the utf8.txt file. I only did that so I could view the contents with a hex editor to see if anything else stuck out.
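An added example, not part of either post above, contrasting the two functions on XSS-relevant input: transcoding to UTF-8 leaves markup untouched, while `htmlentities()` escapes it and uses its `'UTF-8'` argument only to interpret the input bytes. The helper names `to_utf8()` and `escape_html()` and the sample string are constructed for illustration; it assumes PHP 7 or later with the mbstring extension.

```php
<?php
// Constructed sample input: ISO-8859-1 (Latin-1) bytes that also contain markup.
// "\xE9" is "é" in Latin-1 and is not a valid UTF-8 sequence on its own.
$latin1 = "caf\xE9 <script>alert(1)</script> & \"quoted\"";

// Hypothetical helper: the Latin-1 to UTF-8 conversion that utf8_encode()
// performs. mb_convert_encoding() is used because utf8_encode() is
// deprecated as of PHP 8.2. It changes the byte encoding only.
function to_utf8(string $s): string
{
    return mb_convert_encoding($s, 'UTF-8', 'ISO-8859-1');
}

// Hypothetical helper: output escaping for an HTML context. The third
// argument tells htmlentities() how to read the input; it does not transcode.
// ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces invalid
// byte sequences with U+FFFD instead of discarding the whole string.
function escape_html(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$utf8 = to_utf8($latin1);

// 1. Transcoding alone is not an XSS defence: the tag is still present.
echo "markup survives transcoding: ";
var_dump(strpos($utf8, '<script>') !== false);

// 2. Escaping the correctly encoded string neutralises the markup.
echo "escaped: ", escape_html($utf8), "\n";

// 3. Declaring 'UTF-8' for bytes that are really Latin-1: without
//    ENT_SUBSTITUTE or ENT_IGNORE, htmlentities() returns an empty string
//    when the input is not valid in the declared encoding.
echo "mismatched encoding, no ENT_SUBSTITUTE: ";
var_dump(htmlentities($latin1, ENT_QUOTES, 'UTF-8'));

// 4. Same mismatch with ENT_SUBSTITUTE: the markup is still escaped and
//    the invalid byte becomes a replacement character.
echo "mismatched encoding, ENT_SUBSTITUTE: ", escape_html($latin1), "\n";
```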