
html entities

D_lete

hi,

I'm having a bit of trouble with reading back my messages from the database. Whenever I'm trying to read " or < or anything like that, I get "&gt" and stuff like that. I'm reading the posts like this:

 

function getMessage(){
    // Convert the stored message from ISO-8859-1 to UTF-8 and return it
    return utf8_encode($this->message);
}

Any help would be great
 
grz

 


In general, to convert HTML entities back into their applicable characters you would use

 

html_entity_decode($string)

 

However, security-wise, if this is a public site that many people can access and post messages to, you want to be selective about what you allow through. Doing this would allow people to post through HTML tags. While things like <b></b> or <em></em> won't do much other than make it look a little bit different, someone would be able to post through a <script> tag. This is obviously bad: someone could use a script tag to generate an XMLHttpRequest and automatically download all sorts of malicious software to whoever sees that message. The alternative to this is to selectively replace things using a preg_replace() type method.

I am good at computer

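Added example, not part of the original thread: one way to do the selective replacement the reply above describes, by escaping the whole message on output and then restoring only an allowlist of bare tags with preg_replace(). The names renderMessage() and ALLOWED_TAGS are hypothetical, and the code assumes messages are stored entity-encoded and served as UTF-8.

```php
<?php
// Added example: renderMessage() and ALLOWED_TAGS are hypothetical names.
// Assumes messages are stored entity-encoded and the page is UTF-8.

const ALLOWED_TAGS = ['b', 'em']; // the harmless tags named in the post

function renderMessage(string $stored): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

    // Decode once to recover the raw text, then escape all of it again,
    // so every character the user typed is inert in the page.
    $raw  = html_entity_decode($stored, $flags, 'UTF-8');
    $safe = htmlspecialchars($raw, $flags, 'UTF-8');

    // Re-enable only complete, attribute-free pairs of allowlisted tags.
    // An unclosed <b> or a <b onclick=...> never matches and stays escaped.
    $names   = implode('|', array_map('preg_quote', ALLOWED_TAGS));
    $pattern = '~&lt;(' . $names . ')&gt;(.*?)&lt;/\1&gt;~is';
    do {
        // Repeat so pairs nested inside an already restored pair are handled.
        $next = preg_replace($pattern, '<$1>$2</$1>', $safe, -1, $count);
        if ($next === null) {
            break; // regex engine error: keep the last known-safe string
        }
        $safe = $next;
    } while ($count > 0);

    return $safe;
}

// Constructed sample input, as it might come back from the database.
$stored = '&lt;b&gt;hi &lt;em&gt;there&lt;/em&gt;&lt;/b&gt; 1 &lt; 2 '
        . '&lt;script&gt;alert(1)&lt;/script&gt; &lt;b onclick=x&gt;y&lt;/b&gt;';

echo renderMessage($stored), PHP_EOL;
```

Because the allowlist only ever matches bare tag names, adding a tag that needs attributes (such as a link) calls for a proper HTML sanitizer rather than a wider regex.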
