1

Today I met the following issue/problem.

Database data (MySQL) appeared beginning with characters ​ (ZERO WIDTH SPACE). The data was saved by some user via the html form filled in by the copy-paste method from the email with html body content. These inconsistencies in the data subsequently caused errors in future processes.

So, is there any general solution that prevents storing html entities (such as ​) entered to the form using the copy-paste method?

Is it better to solve this problem on server side (PHP) or on client side (JavaScript)?

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
user1827257
  • 1,600
  • 4
  • 17
  • 24
  • The best solution is switching to UTF-8. Those entities appear when a browser needs to submit data that's not part of the document encoding. – Álvaro González Dec 07 '17 at 17:43
  • @ÁlvaroGonzález even by switching to UTF-8, wouldn't an invisilbe (unicode) character still slip by unnoticed? – Funk Forty Niner Dec 07 '17 at 17:44
  • Sure. I assumed that the problem were HTML entities, not the characters themselves. – Álvaro González Dec 07 '17 at 17:45
  • From a security perspective, server side sanitizing is the only safe way. Practically, your client side shouldn't be sending values like this... So both would be good but at the very least sanitize on the server-side. – Kallmanation Dec 07 '17 at 17:46
  • https://stackoverflow.com/questions/9993069/how-to-detect-hidden-characters-in-string-for-example-zero-width-space-during looks to be a duplicate. What do you think @ÁlvaroGonzález ? edit: wait, no it's not. I'll find another. Funny how "how to detect a ZERO WIDTH SPACE in php" found that C question though. Edit 2: I found a dupe for it. – Funk Forty Niner Dec 07 '17 at 17:46
  • http://php.net/manual/en/function.ctype-space.php along with the duplicate. – Funk Forty Niner Dec 07 '17 at 17:49

0 Answers0