So, I am trying to use htmlspecialchars() to protect my website but unfortunately I got stuck in this code:
<?php
function wrap_nome($firstname, $lastname)
{
$join = htmlspecialchars($firstname, ENT_QUOTES) . ' ' . htmlspecialchars($lastname, ENT_QUOTES);
if (mb_strlen($join) > 32)
{
$text = substr($join,0,32);
return $text . " ...";
}
else
{
return $join;
}
}
$nome = wrap_nome($firstname, $lastname);
echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . $nome . '</b></span>';
?>
Initially I thought that the problem maybe was the fact that the string $nome had double and single quotes, then I removed them and found out that htmlspecialchars($lastname, ENT_QUOTES) continues to be echoed and htmlspecialchars($firstname, ENT_QUOTES) continues to give me an empty string!
If I do this:
echo '<span style="color:#7F7F7F;font-family:Arial;font-size:13px;"><b>' . htmlspecialchars($nome, ENT_QUOTES) . '</b></span>';
... It wont output anything.
Any ideas of what is causing this ?
htmlspecialchars returns FALSE if it gets an error, which happens if $nome contains any characters that can't be represented in the specified character set. The character set defaults to ISO8859-1 before PHP 5.4, UTF-8 since then, try using htmlspecialchars($nome, ENT_QUOTES, 'iso8859-1').
If that doesn't work, see the list of character sets in the documentation and use the appropriate one for your names.