Why are my htmlspecialchars and str_replace not working?
For my example, please visit http://jflaugher.mystudentsite.net/cmweb241/cmweb241_lab2.html
I just need htmlspecialchars to work and the str_replace function to remove double and single quotes. Why doesn't this work for me? I am very new to PHP :/
<?php
$username = str_replace(array("'", "\""), "", htmlspecialchars($_POST['username']));
$password = str_replace(array("'", "\""), "", htmlspecialchars($_POST['password']));
$comment = str_replace(array("'", "\""), "", htmlspecialchars($_POST['comment']));
echo " <p>Your Username is: $username . </p>";
echo " <p>Your Password is: $password . </p>";
echo " <p>Your Comment was: $comment . </p>";
?>
+3
2 answers
The previous answer is correct.
You are applying the htmlspecialchars function first. It converts every double quote to &quot; and every single quote to &#039;. These special characters are displayed in the web browser as double and single quotes, respectively.
You must apply str_replace first. Correct code:
<?php
foreach (array('comment', 'password', 'username') as $key) {
    // Strip quotes from the raw input first, then HTML-encode what is left.
    $$key = empty($_POST[$key]) ? null : htmlspecialchars(str_replace(array("'", '"'), '', $_POST[$key]));
    echo " <p>Your " . $key . " is: " . $$key . "</p>";
}
?>
+1
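The two call orders side by side, as an added example (not code from the question or the answer). The sample string, the function names and the variable names are constructed for illustration, and ENT_QUOTES is passed explicitly so that single quotes are encoded regardless of the PHP version's default flags.

```php
<?php
// Constructed sample input standing in for $_POST['comment'].
$raw = 'She said "hi" & it\'s <b>fine</b>';

const QUOTES = array("'", '"');
const FLAGS  = ENT_QUOTES | ENT_SUBSTITUTE; // encode both quote styles explicitly

// Order used in the question: encode first, then try to strip quotes.
// By the time str_replace runs, the quotes are already entities,
// so there is no literal ' or " left for it to remove.
function encode_then_strip(string $value): string
{
    return str_replace(QUOTES, '', htmlspecialchars($value, FLAGS, 'UTF-8'));
}

// Order used in the answer: strip quotes from the raw text, then encode.
function strip_then_encode(string $value): string
{
    return htmlspecialchars(str_replace(QUOTES, '', $value), FLAGS, 'UTF-8');
}

// Report whether quote entities survived into the HTML that will be echoed.
function has_quote_entities(string $html): bool
{
    return strpos($html, '&quot;') !== false || strpos($html, '&#039;') !== false;
}

$a = encode_then_strip($raw);
$b = strip_then_encode($raw);

// Print the HTML source each order produces, then the entity check.
echo "encode then strip: ", $a, "\n";
echo "strip then encode: ", $b, "\n";
echo "quote entities left (encode then strip): ", var_export(has_quote_entities($a), true), "\n";
echo "quote entities left (strip then encode): ", var_export(has_quote_entities($b), true), "\n";

// In both orders < > & are encoded, so the <b> tag in the input is shown
// as text rather than interpreted as markup. Stripping quotes only changes
// what the user sees; the encoding step is what keeps the output inert.
?>
```

Run it from the command line to see the HTML source each order produces; viewing the first result in a browser shows the quotes again because the entities are rendered back as quote characters.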