Question
Say you have a text <INPUT> for a user's name and they decide to type in
Johnny's Pizza
This is saved in DB as
Johnny's Pizza
But if the user decides to edit, I repopulate the text <INPUT> as follows
echo form_input('name', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
which will show as
Johnny's Pizza
inside the input field.
PHP.net has a comment here suggesting to use
echo form_input('name', htmlspecialchars($name, ENT_QUOTES, 'UTF-8', FALSE));
that is, FALSE referring to $double_encoding, but I still get
Johnny's Pizza
in the input field.
Is there a way around this double encoding? Is this something that can be fixed while still using ENT_QUOTES?
Using Codeigniter 2.0.3.
Answer 1:
Using htmlspecialchars is the correct approach, and won't give the result you describe if you output it directly into the page.
Presumably the form_input function expects to receive text and not HTML, so it runs htmlspecialchars itself. If so, the solution is to just pass it text and not encode the value for HTML first.
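
The behaviour the answer describes, as an added example that is not part of the original post and is not CodeIgniter's code. render_input() and displayed_value() are hypothetical stand-ins; the first assumes, as the answer does, that the helper escapes its value itself, and the sample inputs are constructed.

```php
<?php
// Hypothetical stand-in for a form helper that escapes the value it is given,
// which is what the answer presumes form_input does. Not CodeIgniter's code.
function render_input(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Hypothetical helper: what a browser would display in the field, i.e. the
// value attribute with one level of entity decoding applied.
function displayed_value(string $html): string
{
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        throw new RuntimeException('no value attribute found');
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: the name from the question, and a value that
// tries to break out of the attribute.
$samples = ["Johnny's Pizza", '" onfocus="alert(1)'];

foreach ($samples as $raw) {
    $cases = [
        // Caller escapes, then the helper escapes again: the & of each entity
        // becomes &amp;, so the entity text itself shows up in the field.
        'pre-escaped'                 => htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'),
        // double_encode=false only skips entities already present in the
        // caller's input; raw text has none, so the result is the same.
        'pre-escaped, no double enc.' => htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false),
        // Raw text in, one encoding by the helper: round-trips exactly and the
        // quotes stay neutralised inside the attribute.
        'raw text'                    => $raw,
    ];
    foreach ($cases as $label => $arg) {
        $html = render_input('name', $arg);
        printf("%-28s %s\n%-28s shown as: %s  (round-trips: %s)\n",
            $label, $html, '', displayed_value($html),
            displayed_value($html) === $raw ? 'yes' : 'no');
    }
}
```

Escaping belongs at exactly one layer, the one that writes the HTML; storing raw text and letting the helper encode it keeps both the display and the attribute boundary intact.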
Source: https://stackoverflow.com/questions/8369433/avoiding-double-encoding-in-input-while-using-htmlspecialchars