php html-entities html-encode

How to decode all entities except html entities


I have a string that has special letters like "á" and htmlcode like "<input type='text' />". When I store this string in my DB I use: htmlentities($string, ENT_QUOTES);. The problem is when I output the text, I use html_entity_decode($string_from_db, ENT_QUOTES) and all the entities I have in the database like "&aacute;" for the letters and "<input type='text' title="LA1&qu..." for the htmlcode get converted. So my output will show the "á" letter and a text field, which is not normal. I want the letter to be like that, but for the field I want to show the code "<input type='text' />", not the actual field.

I need this for a multilingual site with a lot of user input, so I need to be able to process the special letters properly but also protect against bad input. Any advice is greatly appreciated.


Solution

  • Well it seems I figured it out .... at least for now. Here's what I'm doing:

    1. The text submitted by the user I sanitize with:

      function sanitize_form_input($string) {
          $string = mysql_real_escape_string($string);
          return $string;
      }
      
    2. Got page encoding, php encoding, html encoding, mysql encoding ... and any other possible thing with encoding set to UTF-8.

    3. Output the text with:

      function sanitize_db_output($string) {
          return htmlentities(stripslashes($string), ENT_QUOTES, 'UTF-8');
      }
      

    Please let me know if this is a wrong way to do it.
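
The store-raw, encode-on-output flow from the answer above, as an added example that is not part of the original post. It swaps in a PDO prepared statement for mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0) and htmlspecialchars() for htmlentities(). Assumptions: PHP 7+ with pdo_sqlite available; the table name and the html_out() helper are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumptions: PHP 7+ with pdo_sqlite; "comments" and html_out() are hypothetical names.

// Encode for an HTML text or attribute context, at output time only.
// htmlspecialchars() rewrites only & < > " and ', so UTF-8 letters such as
// "á" pass through unchanged when the page is served as UTF-8.
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: an accented letter plus markup typed by a user.
$input = "á <input type='text' />";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Store the raw text. The bound parameter never becomes part of the SQL
// grammar, so no escaping on the way in and no stripslashes() on the way out.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

$stored = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();
if ($stored !== $input) {
    throw new RuntimeException('stored text differs from submitted text');
}

// Correct output: the markup is rendered as visible text, the letter is untouched.
echo html_out($stored), PHP_EOL;

// The flow from the question: entities stored, then decoded on output.
// Decoding restores the literal tag, so the browser renders a live input field.
$legacy = htmlentities($input, ENT_QUOTES, 'UTF-8');
echo html_entity_decode($legacy, ENT_QUOTES, 'UTF-8'), PHP_EOL;

// Encoding at storage and again at output double-encodes: the "&" of every
// stored entity is itself encoded, so the entity text appears on the page.
echo html_out($legacy), PHP_EOL;
```

The encoding in html_out() fits HTML text and quoted attribute values; values placed into JavaScript, CSS or URLs need the encoder for that context.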