views:

191

answers:

4

Hello. I'm having a bit of a problem. I am trying to create an IRC bot, which has an ampersand in its password. However, I'm having trouble putting the ampersand in a string. For example...

<?php

$var = "g&abc123";

echo $var;

?>

I believe this should print g&abc123. However it's printing g.

I have tried this as well:

<?php
$arr = array("key" => "g&abc123");
print_r($arr);
?>

This prints it correctly with the g&abc123, however when I say echo $arr['key']; it prints g again. Any help would be appreciated. I'm running PHP5.3.1.

EDIT: Also, I just noticed that if I use g&abc123&abc123 it prints g&abc123. Any suggestions?

+4  A: 

Look at the source code, it will be printing the correct code.

If you want it to print out correctly in HTML, then run htmlentities on it or make the & &amp;

Kerry
I checked the source code, it only says `g`.
John
Then something is wrong with your server -- I just tested it (copied and pasted your code): http://www.phoenixdev.net/test-2.php
Kerry
No Kerry, in Chrome I get the same results. ;) Doesn't happen in Firefox though.
John
Kerry
Kerry
Yes, I said that up there. ^
John
+4  A: 

I don't have that issue in a console:

php > $d="g&abc123";
php > echo $d;
g&abc123

What environment are you printing the output to? It sounds like you are viewing it in a web browser, and the & is being interpreted as a malformed HTML entity. Try replacing the & symbol with the entity encoded version &amp;.

Alex JL
John
You can automatically transform text into this form with the PHP htmlentities function, and decode with html_entity_deocode - see http://php.net/manual/en/function.html-entity-decode.php If you're sending it somewhere, etc. you can be confident the value sent is the value as shown by print_r.
Alex JL
You're right. I tried this in Firefox and it doesn't happen. It seems to be a Chrome problem. Thanks!
John
A: 

View the web page source to make sure your variable contains the correct value.

Anax
I did that 18 minutes ago...
John
+1  A: 

You're probably sending your output to a Web browser.

The correct way of doing it is

In HTML, XHTML and XML, the ampersand has a special meaning. It is used for character entities. You can think of it as an escape sequence of sorts.

For instance, in PHP, this would be illegal:

$variable = 'It's Friday';

This is because the apostrophe is interpreted by PHP as the end of your string, and the rest of your content looks like garbage.

Instead, you have to say:

$variable = 'It\'s Friday';

Similarly, in HTML and XHTML, you can't say

<h1>Inequalities</h1>
<p> x<yz+3 </p>

This is because it would be interpreted as an element.

Instead, you'd have to say:

<h1>Inequalities</h1>
<p> x&lt;yz+3 </p>

Now, as you can see, the ampersand itself has a special meaning and, therefore, needs to be escaped as &. htmlspecialchars() will do it for you.

MapDot
John
Unfortunately, browsers were designed to accept just about anything you throw at them, but how it's handled is subject to interpretation. The HTML5 team is trying to create a standard for the handling of "tag soup"... I'm personally not too happy about that, but what can I do? I recommend that you create an alias for echo htmlspecialchars($text); Example: function h($text) { echo htmlspecialchars($text); }
MapDot