html_entity_decode() is the reverse of htmlentities(): it converts the HTML entities in a string back to the corresponding characters of the chosen charset. The full conversion table is available here, or within PHP with get_html_translation_table().
Example 1 - Wordwrap a string including HTML entities
html_entity_decode() is used to turn a string loaded with HTML entities into a regular string.
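<?php
// $mysql_query holds the result of an earlier mysql_query() call
$mystring = mysql_result($mysql_query, 1);
// we decode the original string, so as not to be bothered by the entities
$chaine = wordwrap(html_entity_decode($mystring, ENT_QUOTES, 'ISO-8859-1'), 50);
// $chaine is now decoded text: re-encode it with htmlentities() before placing it in an HTML page
echo $chaine;
?>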
Example 2 - using the transformation table
htmlentities() is a convenient way to protect oneself against XSS attacks.
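<?php
function decode($text) {
    // table mapping each character to its HTML entity
    $trans_tbl = get_html_translation_table(HTML_ENTITIES, ENT_COMPAT);
    // flip it so that it maps each entity back to its character
    $trans_tbl = array_flip($trans_tbl);
    // replace every entity found in the text
    $text = strtr($text, $trans_tbl);
    return $text;
}
?>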
Example 3 - Protection against XSS
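<?php
// untrusted text submitted by a user
$bad_str_posted_on_forum = "<script>alert('XSS attack!')</script>";
// encode it so the browser displays the markup as text instead of running it
$display_forum = htmlentities($bad_str_posted_on_forum, ENT_QUOTES, 'ISO-8859-1');
echo $display_forum;
?>
Keep in mind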
- Be careful when choosing the charset for the resulting string: PHP may not recognise it.
- html_entity_decode(), htmlentities(), get_html_translation_table() and htmlspecialchars() are all cousins.
- This function is often useful for languages other than English, especially the European ones.
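Example 1 decodes a stored string and echoes the result, while Example 3 encodes untrusted input for display. The added example below, which is not part of the original article, combines the two so that decoded text is re-encoded before it reaches the page. The function name wrap_encoded_for_html() and the sample string are constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not from the original article.
// Wraps entity-encoded text for display without emitting decoded markup.
function wrap_encoded_for_html(string $stored, int $width = 50): string
{
    $charset = 'ISO-8859-1'; // charset used by the article's examples

    // 1. Decode so that wordwrap() measures the text itself,
    //    not the length of entities such as "&eacute;".
    $plain = html_entity_decode($stored, ENT_QUOTES, $charset);

    // 2. Wrap the plain text. wordwrap() counts bytes, which equals
    //    characters in a single-byte charset such as ISO-8859-1.
    $wrapped = wordwrap($plain, $width, "\n", true);

    // 3. Re-encode before output: decoding may have turned
    //    "&lt;script&gt;" back into a live "<script>" tag.
    $safe = htmlentities($wrapped, ENT_QUOTES, $charset);

    // 4. Turn the line breaks into <br /> only after escaping,
    //    so these are the only tags in the result.
    return nl2br($safe);
}

// Constructed sample: a forum post stored with entities, as in Example 3.
$stored = "Caf&eacute; menu &lt;script&gt;alert('XSS attack!')&lt;/script&gt; posted on the forum";

echo wrap_encoded_for_html($stored, 30), "\n";
?>
```

The only markup in the returned string is the `<br />` tags inserted by nl2br(); everything that came from the stored text is entity-encoded again.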


