1

I am pulling some category names from a table, and I am using htmlspecialchars() to process the string that I get back for the category name. The problem is that one out of hundreds of category names is being echo'd with a bad closing tag. This is a simplified version of the string I am echoing:

$value['CATNAME'] = htmlspecialchars($value['CATNAME']);

echo '<a href="somepage.php?parms=foo">'. $value['CATNAME']. '</a>';

All of the links are coming out correctly, except the bad one. It is being echo'd as

<a href="somepage.php?parms=foo">AR North/a>

Without the htmlspecialchars() line commented out, it's output with the correct closing tag. I looked at the string in the table and there's nothing wrong with it there either. Does this seem like a PHP issue, or should I be looking elsewhere? I am suspecting that maybe there is some javascript messing with the tags, that's where I plan on looking next.

Thanks.

EDIT: Update

More detailed code with what I am trying now:

        // Convert characters with special HTML significance
        $value['CATNAME'] = utf8_encode($value['CATNAME']);
        $value['CATNAME'] = htmlspecialchars($value['CATNAME']);
        // Print the list item. If the currently selected Id is equal to the category being listed indicated so by marking it

        if ($selectedCat === $value['CATID'])
            echo '<li id="catSel"><a href="page.php?id=' . $value['parm1'] . '&amp;pl=' . $_SESSION['parm2'] . '">' . $value['CATNAME'] . '</a>';
        else
            echo '<li><a href="page.php?id='. $value['parm1']. '&amp;pl='. $_SESSION['parm2']. '">'. $value['CATNAME']. '</a>';

Is still giving me

<li><a href="somepage.php?id=185&amp;pl=10">AR North/a></li>

But if I change the last line to

$value['CATNAME']. '</a>'; to $value['CATNAME']. ' </a>';

I get 

<li><a href="catview.php?id=185&amp;pl=10">AR North </a></li>
Bead
  • 363
  • 6
  • 14
  • 1
    Can you show this example (which goes wrong) on [codepad](http://codepad.viper-7.com)? – PeeHaa May 10 '12 at 21:12
  • Could be the javascript, or could be maybe some character encoding problem in particular value of CATNAME. Maybe try htmlspecialchars with 3d parameter to specify encoding? – Gnudiff May 10 '12 at 21:13
  • 1
    what does `var_dump($value['CATNAME']);` give? And also please give the hexdump from that string: http://stackoverflow.com/questions/1057572/how-can-i-get-a-hex-dump-of-a-string-in-php – hakre May 10 '12 at 21:27
  • Which PHP version are you using? Are you aware of the differences for encoding this function has undergone in the past? http://php.net/htmlspecialchars – hakre May 12 '12 at 10:34

1 Answers1

2

The string may have a hidden delete character (ASCII 127) hidden in it. Try to echo out the string in hex to see if u can find something out of the ordinary. Sometimes it's a simple encoding issue and encoding the string as utf-8 before running htmlspecialchars may fix it.

EmmanuelG
  • 1,051
  • 9
  • 14