
Udruženje Informatičara BiH - Cross-platform and Portable Development With PHP, LAMP/WAMP development, AJAX and Javascript, ASP, dot NET, C sharp, C++, C, VB, Oracle, tutorials and tips...
Free as Freedom, not Free as Free Pizza!


 

Friday, October 13, 2006

htmlentities() and ENT_QUOTES

In this article I will talk a little about PHP's built-in htmlentities() function and its "ENT_QUOTES" flag. The function converts all applicable characters to HTML entities. It is identical to htmlspecialchars() in all ways, except that with htmlentities() all characters which have HTML character entity equivalents are translated into these entities.
If you want to decode instead (the reverse), you can use html_entity_decode().
This function can help us secure our sites from hackers and MySQL injections; it also fixes MySQL bugs which can result if we use the single quote as an entry in the insert query. Keep in mind that htmlentities() is designed for text that is written into HTML; for the query itself, the database's own escaping (mysql_real_escape_string()) or prepared statements is the mechanism built for that job.
Let us see some examples:

<?php
$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
// (default flags before PHP 8.1; since 8.1 the default already includes ENT_QUOTES)
echo htmlentities($str);

// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);
?>


Here the variable $str contains a single quote and a <b>bold</b> HTML tag. Calling htmlentities() on it without a second argument (on PHP versions before 8.1, where the default flag is ENT_COMPAT) converts only < and > to entities and leaves the single quote untouched. When we pass the "ENT_QUOTES" flag as the second argument, the function no longer ignores the single quote, and that solves our problem with this function.
For any questions please comment ...
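
An added example (not from the original article) of where the single quote matters: a value is written into a single-quoted HTML attribute, once with ENT_COMPAT and once with ENT_QUOTES, and the markup is then parsed back with PHP's DOM extension to show which value the parser actually reads. The helper names render_input() and parsed_value() and the sample name are constructed for illustration.

```php
<?php
// Added example; render_input() and parsed_value() are hypothetical helpers.

// Build an <input> whose value attribute is delimited by single quotes.
function render_input(string $value, int $flags): string
{
    // Flags and charset are passed explicitly so the result does not depend
    // on the PHP version's defaults.
    $encoded = htmlentities($value, $flags, 'UTF-8');
    return "<input name='author' value='" . $encoded . "'>";
}

// Parse the markup with libxml's HTML parser and report the value attribute
// the parser ends up with, plus the names of all attributes on the tag.
function parsed_value(string $html): array
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return ['value' => $input->getAttribute('value'), 'attributes' => $names];
}

// Constructed sample input: an ordinary name containing a single quote.
$author = "Tim O'Reilly";

foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES] as $label => $flags) {
    $html = render_input($author, $flags);
    $seen = parsed_value($html);
    echo $label, "\n";
    echo "  markup:     ", $html, "\n";
    echo "  value seen: ", $seen['value'], "\n";
    echo "  attributes: ", implode(', ', $seen['attributes']), "\n";
    echo "  intact:     ", ($seen['value'] === $author ? 'yes' : 'no'), "\n";
}
```

With ENT_COMPAT the unescaped quote closes the attribute early, so the text after it is read as further attribute markup; with ENT_QUOTES the whole name stays inside the value.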

Making CSV - Comma-separated values in PHP

The comma-separated values (or CSV) file format is a delimited data format that has fields separated by the comma character and records separated by newlines. Fields which contain a comma, newline, or double quote character or which start or end with whitespace, must be enclosed in double quotes. Furthermore, if a line contains a single entry which is the empty string, it must be enclosed in double quotes. If a field's value contains a double quote character it is escaped by placing another double quote character next to it. The CSV file format does not require a specific character encoding, byte order, or line terminator format.
Today I will write some simple code: we will connect to a DB, select some data, and put it in a CSV file.
Here is the code with comments:

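<?php
// We create a class for connecting to the DB
class db_connect {
    public $host = "localhost";
    public $db = "country";
    public $user = "root";
    public $pass = "";
    public $query;
    public $num;   // number of rows in the result
    public $num2;  // number of fields in the result
    public $twoD;  // the result as a two-dimensional array

    // Runs $this->query and stores the rows in $this->twoD
    function connect_easy()
    {
        // mysqli replaces the mysql_* functions, which were removed in PHP 7
        $connect = mysqli_connect($this->host, $this->user, $this->pass, $this->db);
        if (!$connect) {
            error_log(mysqli_connect_error());
            die("Database connection failed");
        }
        $result = mysqli_query($connect, $this->query);
        if (!$result) {
            error_log(mysqli_error($connect));
            die("Database query failed");
        }
        $this->num = mysqli_num_rows($result);
        $this->num2 = mysqli_num_fields($result);
        $b = array(); // stays empty when the query returns no rows
        for ($x = 0; $x < $this->num; $x++) {
            $a = mysqli_fetch_array($result, MYSQLI_NUM);
            for ($i = 0; $i < $this->num2; $i++) {
                $b[$x][$i] = $a[$i];
            }
        }
        $this->twoD = $b;
        mysqli_close($connect);
    }
}
?>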

Save this in a file named "class.php" ...

<?php
ob_start();
// we prepare the browser for download, we will include our class
require_once("class.php");
// start writing the csv, first the fields ...
$csv_content = '"id","country","code"'; // where the fields in the DB are id, country, and code
$csv_content .= "\n"; // new line
// now the data from the DB, we create the connection object
$db = new db_connect();
// make the query
$db->query = "select * from country";
// execute the query
$db->connect_easy();
// we fill out the csv: every field is enclosed in double quotes, and a
// double quote inside a value is escaped by placing another one next to it
for ($i = 0; $i < count($db->twoD); $i++) {
    $row = array();
    for ($j = 0; $j < 3; $j++) {
        $row[] = '"' . str_replace('"', '""', (string) $db->twoD[$i][$j]) . '"';
    }
    $csv_content .= implode(",", $row) . "\n";
}
ob_end_clean();
header("Content-Type: application/csv-tab-delimited-table");
header("Content-disposition: attachment; filename=" . urlencode( "country.csv"));
echo $csv_content;
?>

Save this as download.php. When you call it, it will ask you to download the CSV file, and that is it.