php htmlentities to decode textarea

Question

Hi, I have a text area and I would like to take the input of the text area and merge it all together. Everything works fine except that it's escaping the quotes. For example test's is outputted as test/'s

To fix this I tried htmlenttries such as,

<?php $inputtext= $_POST['textinput'];
     $encodetext = htmlentities($inputtext);
     $finaltext = html_entity_decode($encodetext);

     echo '<p>'.$finaltext .'</p>';  ?>

This should work according to the html_entity_decode manual (unless I read it wrong which could very likely be the case)

thanks, Brooke

Answer 1

Make sure you aren't passing second parameters in your calls to htmlentities and html_entity_decode. If you do, they will escape/unescape quotes differently. Check the description of the $quote_style parameter in the documentation for htmlentities and html_entity_decode.

Answer 2

Merry Christmas.

The solution is probably for you to strip slashes.

The slashes are automatically added when data comes from POST or GET. This is known as magic quotes and by default are enabled.

You can remove these slashes by using stripslashes()

<?php

$text = $_POST['txtarea']; // from textarea
if(get_magic_quotes_gpc()){
  $text = stripslashes($text);
  // strip off the slashes if they are magically added.
}
$text = htmlentities($text);
// what htmlentities here does is really to convert:
//   & to &amp;
//   " to &#039;
//  and change all < and > to &lt; and &gt; respectively. this will automatically disable html codes in the text.
echo '<pre>'.$text.'</pre>';

?>

See: http://php.net/manual/en/function.stripslashes.php