I've a problem of character encoding in php, so this's the php code:
n_event=$_GET['ndlann'];
$nom_complet=htmlentities(stripslashes($_POST['nom']));
$email_comment=htmlentities(stripslashes($_POST['email']));
$titre_comment=htmlentities(stripslashes($_POST['titre']));
$texte_comment=htmlentities(stripslashes(nl2br($_POST['commentaire'])));
$pays_comment=$_POST['pays'];
$date_ajout=date('Y/m/d');
Data will be added in a database table , you see that this data comes from a comments form, so when the user enters some comments with orient languages carachters (arabic,hebrew...etc), the input data will change to something 开发者_运维技巧like :
Ø´Ù�را عÙ�Ù� اÙ�Ù�Ù�ضÙ�Ø
I tried to delete the htmlentities method and that works fine , but does start another problem of comments form security (js scripts will be executed)
What can I do with this situation?
and thanks
Do not use htmlentities() ever.
This function has been obsoleted long time ago.
Use htmlspecialchars()
instead.
you have also bunch of nonsense in your code
doing
htmlentities(nl2br(*))
has no sense.make stripslashes conditional, only if magic quotes are set on.
there is a possible problem with
pays
field.I am also afraid that you're taking htmlentities as some sort of SQL escaing function. Am I right?
In my opinion, and according to the PHP doc, the accepted answer is not correct. Nowhere it is written that this function has been deprecated.
If you set correctly the third argument of the function, called $encoding
, it will solve your problem.
I hope this helps.
精彩评论