Reputation: 1849
The data was inserted into the database after being escaped as follows:
    $caller = htmlentities($formVarsI['caller'], ENT_QUOTES, "UTF-8");
Some of the $caller's have single quotes, e.g. O'Connor, and these then look like O&#039;Connor in the database.
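I am now trying to extract the data using a REST API, and below is my PHP:
    $sql = "SELECT caller FROM tbl_calls";
    try {
        $db = getConnection();
        $stmt = $db->query($sql);
        // Fetch every row as an object with a ->caller property
        $calls = $stmt->fetchAll(PDO::FETCH_OBJ);
        $db = null;
        echo json_encode($calls);
    } catch (PDOException $e) {
        // Report the failure without exposing driver details to the client
        http_response_code(500);
        echo json_encode(['error' => 'query failed']);
    }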
My question is how to html_entity_decode on $caller so as to remove the &#039; for each caller where it applies. Note there are approx. 10,000 entries in the db.
Upvotes: 2
Views: 2271
Reputation: 28909
The solution, of course, is to stop using htmlentities() to escape data going into a database.
The htmlentities() function is for escaping data to be injected into an HTML document context. Not a database.
Upvotes: 6
Reputation: 6239
I think you should specify the quotes parameter.
    html_entity_decode('O&#039;Connor', ENT_QUOTES);
    // output: O'Connor
By default it's ENT_COMPAT and it just converts double quotes, not single.
Upvotes: 3
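An added example, not code from the question or from either answer: it combines the two answers into a one-off repair that decodes the stored entities with ENT_QUOTES, after which raw values are stored through bound parameters and escaped only at output. The in-memory SQLite table, its `id` column, the sample rows and the function names `decodeCaller` and `repairCallers` are assumptions made for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; the table below is a
// constructed stand-in for tbl_calls with a hypothetical id column.
declare(strict_types=1);

// Undo one layer of htmlentities(..., ENT_QUOTES, "UTF-8").
// Returns null when the stored value contains no entities.
function decodeCaller(string $stored): ?string
{
    $raw = html_entity_decode($stored, ENT_QUOTES | ENT_HTML401, 'UTF-8');
    return $raw === $stored ? null : $raw;
}

// One-off repair: rewrite affected rows in a single transaction.
// Run it once only; a second pass would also decode text that a caller
// legitimately entered as an entity.
function repairCallers(PDO $db): int
{
    $rows = $db->query('SELECT id, caller FROM tbl_calls')->fetchAll(PDO::FETCH_ASSOC);
    $update = $db->prepare('UPDATE tbl_calls SET caller = :caller WHERE id = :id');
    $fixed = 0;
    $db->beginTransaction();
    foreach ($rows as $row) {
        $raw = decodeCaller($row['caller']);
        if ($raw !== null) {
            $update->execute([':caller' => $raw, ':id' => $row['id']]);
            $fixed++;
        }
    }
    $db->commit();
    return $fixed;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_calls (id INTEGER PRIMARY KEY, caller TEXT)');

// Constructed rows: two written through htmlentities(), one never encoded.
$insert = $db->prepare('INSERT INTO tbl_calls (caller) VALUES (?)');
foreach (['O&#039;Connor', 'Smith &amp; Sons', 'Müller'] as $caller) {
    $insert->execute([$caller]);
}
echo repairCallers($db), " rows repaired\n";

// New writes: bind the raw value; the placeholder keeps it out of the SQL text.
$insert->execute(["D'Arcy <ops>"]);

$calls = $db->query('SELECT caller FROM tbl_calls')->fetchAll(PDO::FETCH_COLUMN);
echo json_encode($calls, JSON_UNESCAPED_UNICODE), "\n";       // JSON context
echo htmlspecialchars($calls[3], ENT_QUOTES, 'UTF-8'), "\n";  // HTML context
```

On the real table, take a backup first and check a sample of decoded rows before committing the transaction.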