htmlentities() bites the dust

Feb 10, 2004

I've used the PHP function htmlentities() for years, making my text safe to print to the screen and still remain XHTML Strict.

Well, all that changed today when I discovered that not only does htmlentities() make a string safe to print, it also translates UTF-8 encoded characters into so much gibberish.

So instead of htmlentities(), I now use htmlspecialchars() which only translates a select few characters. And looking back, unless there's a really, really, really good reason, you should always be using htmlspecialchars().

I learn something new every day :/
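The difference described above, as an added example that is not part of the original post. The sample string and the `escape_html()` helper are constructed for illustration, and the explicit `'ISO-8859-1'` argument stands in for the default charset that PHP used before 5.4.

```php
<?php
// Constructed sample: UTF-8 text containing markup and both quote styles.
$input = "Café <b>\"naïve\"</b> & 'co'";

// The behaviour the post describes: when the charset is ISO-8859-1,
// htmlentities() treats every byte of a multi-byte UTF-8 character as a
// separate Latin-1 character and emits one entity per byte.
$mangled = htmlentities($input, ENT_QUOTES, 'ISO-8859-1');

// Telling htmlentities() the real encoding avoids the mangling, but it
// still rewrites every character that has a named entity.
$entities = htmlentities($input, ENT_QUOTES, 'UTF-8');

// htmlspecialchars() only rewrites & < > " and ', so the UTF-8 bytes of
// the accented characters pass through unchanged.
$safe = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

// Hypothetical helper (not from the post): one place that fixes the flags
// and the charset. ENT_SUBSTITUTE replaces an invalid UTF-8 sequence with
// U+FFFD; without it the function returns an empty string for such input.
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed edge case: a lone Latin-1 byte inside otherwise valid UTF-8.
$broken = "bad byte: \xE9 <i>";

echo "htmlentities, ISO-8859-1: ", $mangled, "\n";
echo "htmlentities, UTF-8:      ", $entities, "\n";
echo "htmlspecialchars, UTF-8:  ", $safe, "\n";
echo "escape_html, bad input:   ", escape_html($broken), "\n";
```

Run it from the command line with `php` and compare the first output line with the third to see the gibberish the post refers to.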

