PHP - Having more than one htmlentities() in your code

I just came across building a CRUD application in PHP, and the instructor was reminding us about the use of htmlentities() in order to avoid HTML injections, and he then goes to say that htmlentities shouldnt be called more than once in your code, my question is very simple...why?

Cheers

Solution

Because calling it a second time on the same value can double-encode it.

Taking the example from the PHP docs:

$str = "A 'quote' is <b>bold</b>";

$firstEntity = htmlentities($str);
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;

Now if we run that through htmlentities() again it will encode the ampersands that the first htmlentities() call created and you'll end up with a double-encoded string:

$secondEntity = htmlentities($firstEntity);
// Outputs: A 'quote' is &amp;lt;b&amp;gt;bold&amp;lt;/b&amp;gt;

How to remove all non printable characters in a string?
How to display WooCommerce product long description in the head?
Is there a way to enforce a unique column using doctrine2?
Authorize.net refund Transaction error: has invalid child element 'payment' in namespace
cURL with SSL certificates fails: error 58 unable to set private key file
PHPUnit: get arguments to a mock method call
How to test Symfony standalone bundle
Retrieve .htaccess login name from PHP
Sort a 2d array by a column and obey a dynamic direction variable
Sort a flat array ascending
Calling sort() inside of a foreach() does not affect the original array
Loop only stores the last row while trying to build a 2d array while looping a query result set
xampp is not showing .php files saved in htdocs folder
Populate a 2d array from a query result and use a column value as the first level keys
how to declare punch of array variable in Excel using PHPExcel??/
How can I detect all symbols on mathematical operators on PHP using regex?
PHP response triggers HEX view in Edge debugger
Populate a grouped multidimensional array from parsed HTML content
Sort rows of a 2d array by its first column descending
Duplicate and append each row of a 2d array using a flat aray
PHP reading shell_exec live output
PHP script not running with www-data cron
laravel 8 , I have a relationship between 3 tables attribute and value and ad
Store related items with many-to-many relationship Laravel
Put function in Queue but not loaded relation data | Laravel Queue
Magento AvS_fastsimpleimporter multiple addresses
Parse a text file into an array of associative arrays by splitting on semicolons, then commas, then equals signs
How to validate an Instagram username
Parse video id and start time from differently formatted youtube URL strings
How to create a multidimensional array with an identifying column value used as the first level key?