Reputation: 5448
I'm storing HTML and text data in my database table in its raw form - however I am having a slight problem in getting it to output correctly. Here is some sample data stored in the table AS IS:
<p>Professional Freelance PHP & MySQL developer based in Manchester.
<br />Providing an unbeatable service at a competitive price.</p>
To output this data I do:
echo $row['details'];
And this outputs the data correctly, however when I do a W3C validator check it says:
character "&" is the first character of a delimiter but occurred as data
So I tried using htmlentities and htmlspecialchars but this just causes the HTML tags to output on the page.
What is the correct way of doing this?
Upvotes: 4
Views: 14726
Reputation: 6160
What you want to do is use the php function htmlentities()
...
It will convert your input into html entities, and then when it is outputted it will be interpreted as HTML and outputted as the result of that HTML...
For example:
$mything = "<b>BOLD & BOLD</b>";
//normally would throw an error if not converted...
//lets convert!!
$mynewthing = htmlentities($mything);
Now, just insert $mynewthing to your database!!
Upvotes: 4
Reputation: 11403
htmlentities is basically a superset of htmlspecialchars, and htmlspecialchars also replaces < and >.
Actually, what you are trying to do is to fix invalid HTML code, and I think this needs an ad-hoc solution:
$row['details'] = preg_replace("/&(?![#0-9a-z]+;)/i", "&amp;", $row['details']);
This is not a perfect solution, since it will fail for strings like: someone&son; (with a trailing ;), but at least it won't break existing HTML entities.
However, if you have decision power over how the data is stored, please enforce that the HTML code stored in the database is correct.
Upvotes: 2
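The `someone&son;` edge case from the answer above can be handled by checking named references against PHP's own entity table instead of accepting anything of the form `&name;`. This is an added example, not code from any of the posts; the function name and sample strings are constructed.

```php
<?php
// Added example, not code from the posts above. The function name and the
// sample strings are constructed for illustration.

/**
 * Escape every "&" that does not start a real character reference,
 * leaving tags and existing entities untouched.
 */
function escape_bare_ampersands(string $html): string
{
    // Group 1 is set only when "&" is followed by something shaped like a
    // reference: &#160; &#xA0; or &name;
    $pattern = '/&(?:(#[0-9]+|#x[0-9a-f]+|[a-z][a-z0-9]*);)?/i';

    return preg_replace_callback($pattern, function (array $m): string {
        if (!isset($m[1])) {
            return '&amp;';              // bare "&" used as data
        }
        if ($m[1][0] === '#') {
            return $m[0];                // numeric reference: keep
        }
        // Named reference: keep it only if PHP's HTML5 entity table can
        // decode it; otherwise it is text that merely looks like one.
        $decoded = html_entity_decode($m[0], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return $decoded !== $m[0] ? $m[0] : '&amp;' . substr($m[0], 1);
    }, $html);
}

// Constructed sample rows, modelled on the data in the question.
$rows = [
    '<p>Freelance PHP & MySQL developer.<br />Fast&nbsp;&amp; cheap.</p>',
    '<p>someone&son; &#169; 2010 R&D</p>',
];

foreach ($rows as $details) {
    echo "stored:           $details\n";
    echo "ampersands fixed: " . escape_bare_ampersands($details) . "\n";
    // For contrast: htmlspecialchars() escapes the tags too, which is why
    // they show up as literal text on the page.
    echo "htmlspecialchars: " . htmlspecialchars($details, ENT_QUOTES, 'UTF-8') . "\n\n";
}
```

This repairs ampersands for validity only; it does not sanitise the stored markup, so it fits HTML that comes from a trusted source.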
Reputation: 336
In my projects I use an XSLT parser, so I had to change
to  
(e.g.). But this is the safe way I found...
Here is my code:
$html = trim(addslashes(htmlspecialchars(
html_entity_decode($_POST['html'], ENT_QUOTES, 'UTF-8'),
ENT_QUOTES, 'UTF-8'
)));
And when you read from DB, don't forget to use stripslashes();
$html = stripslashes($mysq_row['html']);
Upvotes: 0