If you store your text "htmlentitied" in the database, you will need to apply htmlentities to the search string, but not when you bring the data back from the database tables (to either display in the text editing screen, or the normal viewing screen. Example:
<?php $text = "This is a test </textarea>"; ?> <textarea name="text" cols="50" rows="10" wrap="virtual"><?php echo $textarea; ?></textarea> That will not bring a desirable result, without applying htmlentities(): <textarea name="text" cols="50" rows="10" wrap="virtual"><?php echo htmlentities($textarea); ?></textarea> I prefer to store text as-is in the database, then perform htmlentities when retrieving from the database. I tend to keep other text manipulation to basic one-time tasks, like word breaking (for big chunks of words), multi-space removal, etc. James "Rotsky" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Okay, I'm starting to tie myself in knots with this: > > Part of my site carries feature articles held in a MySQL database. I've > written an admin page that allows me to edit the articles in an HTML form > before saving them to the database (using INSERT or UPDATE as appropriate). > > On the site, I want users to be able to search using keywords in the > articles. > > Now, all of this is basically working, but I'm not sure quite what to do > about special characters. If I use htmlentities on the data when writing it > to the database, then an ampersand will be stored as & and this will > display fine. But then I guess I need to similarly treat search strings if > users' queries are to match properly. Also, if I pull the article into the > editing form, I guess I need to reverse the process with > html_entity_decode() before displaying and editing it, which is getting a > bit convoluted. > > Is there any reason why I shouldn't store characters in their natural form > in the database - (eg, store '&' as '&' rather than '&') and then just > use htmlentities to display the text? > > I'd be grateful for any opinions. > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
