0

I have a string stored in an array: But I Don't

and when I print it on my webpage I get: But I Don’t

I've tried htmlentities(), htmlspecialchar(), both with ENT_QUOTES enabled.

I realize I can force my function to do a string replace each time I print, but surely there's a way in PHP that I can go through my array, printing each string, and have it convert all special characters (not just quotes) into proper html?

I'm just baffled that some how apostrophes didn't make the cut for string sanitization.

EDIT

Turns out it was a back tick after all, so the string was: "But I Don`t"

Is there an easy way to sanitize this in PHP as well?

FaultyJuggler
  • 532
  • 1
  • 8
  • 29
  • The problem here is the string encoding. `ENT_QUOTES` won't solve this particular problem. The first thing you need to find out is the source encoding. Is it not UTF-8? Try forcing UTF-8 with `htmlentities($string, ENT_QUOTES, 'UTF-8');` – hw. Jun 07 '13 at 04:01
  • are you escaping the apostrophe like But I Don\'t? – rogMaHall Jun 07 '13 at 04:01
  • You could have the notorious `byte order mark` bug, better known as `The BOMb`. (bom) - check your encoded file, see if it's UTF-8 (with or without the byte order mark). One never knows. – Funk Forty Niner Jun 07 '13 at 04:02
  • And here, I Google'd it (`It=’`) for you and found this: http://stackoverflow.com/questions/2292004/getting-a-instead-of-an-apostrophe-in-php – Funk Forty Niner Jun 07 '13 at 04:05
  • You guys got me thinking, I always forget there's sometimes wild back ticks out there, I double checked the data source and sure enough it wasn't an apostraphe but a back tick. Oddly enough this was text copied from a previous webpage output. – FaultyJuggler Jun 07 '13 at 04:06
  • 1
    @rogMaHall He shouldn't have to escape it. The OP will be doing that `till the cows come home`. It needs to be taken care of `at the source`. – Funk Forty Niner Jun 07 '13 at 04:07
  • 1
    @FaultyJuggler Ahhh the `infamous TICK`, it'll get a BYTE outta ya every time! Glad you found your `bug` ;-) Good one, I'll remember that as a possible `answer`, next time. – Funk Forty Niner Jun 07 '13 at 04:08
  • 1
    @FaultyJuggler You need to be more careful when you copy/paste stuff off the web, you never know what you're gonna catch! Hey, it happens to the best of us (once in a blue moon). Cheers! – Funk Forty Niner Jun 07 '13 at 04:12
  • @FaultyJuggler In regards to your other question `"Is there an easy way to sanitize this in PHP as well?"`, I couldn't find anything concrete on the subject. You could catch it at the gate, and use `preg_replace` or `str_replace` as a last resort I suppose. – Funk Forty Niner Jun 07 '13 at 04:27
  • @FaultyJuggler Here, give this a whirl $string = str_replace(array("`",chr(96)),array("'","'"), $string); (sorry, couldn't highlight the code, it already contains the "tick" character). – Funk Forty Niner Jun 07 '13 at 04:34

0 Answers0