Why are my htmlspecialchars and str_replace not working?

For my example, please visit http://jflaugher.mystudentsite.net/cmweb241/cmweb241_lab2.html

I just need htmlspecialchars to work and the str_replace function to remove double and single quotes. Why doesn't this work for me? I am very new to PHP: /

 <?php
  $username = str_replace(array("'", "\""), "", htmlspecialchars($_POST['username']));
  $password = str_replace(array("'", "\""), "", htmlspecialchars($_POST['password']));
  $comment = str_replace(array("'", "\""), "", htmlspecialchars($_POST['comment']));

  echo " <p>Your Username is: $username . </p>";
  echo " <p>Your Password is: $password . </p>";
  echo " <p>Your Comment was: $comment . </p>";

?>

      

+3




2 answers


Use it in reverse order, as pointed out by Alex Lunix:



$username = htmlspecialchars(str_replace(array("'", "\""), "", $_POST['username']));

      

+4




The previous answer is correct.

You are applying the htmlspecialchars function first. It converts every double quote to &quot; and every single quote to &#039;. These special characters are displayed in the web browser as double and single quotes, respectively.



You must apply str_replace first. Correct code:

<?php
// Handle each expected form field in turn.
foreach(array('comment', 'password', 'username') as $key) {
    // Strip the raw quote characters first, then HTML-encode what remains.
    $$key = empty($_POST[$key]) ? null : htmlspecialchars(str_replace(array("'", '"'), '', $_POST[$key]));
    echo " <p>Your " . $key. " is: " . $$key . "</p>";
}
?>

      

+1
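
The effect of the two orderings, side by side, as an added example that is not part of the original question or answers. The sample string, the `encode_html` helper and the explicit flags are assumptions made for the demonstration.

```php
<?php
// Added example; not code from the question or the answers.
// $input is a constructed sample standing in for $_POST['comment'].
$input  = "He said \"hi\" & it's <b>fine</b>";
$quotes = array("'", '"');

// Hypothetical helper. The flags are explicit because the default was
// ENT_COMPAT (single quotes left alone) before PHP 8.1.
function encode_html($s)
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Order from the question: encode, then strip. The quotes are already
// &quot; and &#039; by the time str_replace runs, so nothing matches.
$encodeFirst = str_replace($quotes, '', encode_html($input));

// Order from the answers: strip the raw quotes, then encode the rest.
$stripFirst = encode_html(str_replace($quotes, '', $input));

// Encoding alone: quotes are kept as entities, which is enough for
// HTML text and for a quoted attribute value.
$encodeOnly = encode_html($input);

$rows = array(
    'encode, then strip' => $encodeFirst,
    'strip, then encode' => $stripFirst,
    'encode only'        => $encodeOnly,
);
foreach ($rows as $label => $value) {
    printf("%-20s %s\n", $label, $value);
}

// The question's order changes nothing compared with encoding alone.
printf("%-20s %s\n", 'first == only?', var_export($encodeFirst === $encodeOnly, true));

// Attribute context: the encoded quotes cannot close value="...".
printf("%-20s %s\n", 'as attribute', '<input name="comment" value="' . $encodeOnly . '">');
```

Run it with the PHP CLI to compare the three results; removing the quotes is only needed if the application wants them gone from the data, since the encoding step is what keeps the markup inert.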

