Unable to replace some html characters from a text received from a database

0

From the database I receive the following text:

<div onclick="alert('código inyectado');">Texto</div>

[img]http://www.hobbyconsolas.com/sites/hobbyconsolas.com/public/media/image/2015/07/503196-halo-5-guardians-nuevos-datos-campana-cooperativa.jpg[/img]

Y aquí una URL: [url]https://www.google.es/?gws_rd=ssl[/url]

Bueno pues vamos [b]a ver si esto funciona[/b] porque "todavía" no lo sé [i][u]bien[/u][/i]

This text is stored in a variable $texto. After going through htmlspecialchars() to avoid code injection, I try to replace the HTML characters by their counterparts:

$texto = str_replace("&quot;","\"",$texto); // for quotes
$texto = str_replace("&lt;","<",$texto); // for <
$texto = str_replace("&gt;",">",$texto); // for >

But none is modified. I have been doing tests and it seems that it is because of the character &; if I delete it, it is modified.

    
asked by JetLagFox 09.07.2017 at 04:59

1 answer

1

Try using utf8_encode or utf8_decode on the string before trying to manipulate it; apparently it is a string encoded in UTF-8 and shown in ISO-8859 or vice versa. Put another way, what you see on the screen is not what PHP is manipulating.

PHP has multi-byte functions; you can find them here. The function you can use to solve this problem is mb_eregi_replace.

    
answered by 09.07.2017 / 18:47
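Added example, not part of the original question or answer: one way to show the formatting while keeping the protection htmlspecialchars() gives is to leave &lt; and &gt; escaped (turning them back would make the stored onclick div live markup again) and translate only the BBCode tags into HTML afterwards. The helper name render_post() and the set of allowed tags are assumptions made for illustration.

```php
<?php
// Added example: render_post() is a hypothetical helper, not code from the post.
function render_post(string $raw): string
{
    // 1. Escape everything once. From here on the text contains no live markup.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired formatting tags: the only HTML ever emitted comes from this map.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $html) {
        $pattern = '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#su';
        $safe = preg_replace($pattern, '<' . $html . '>$1</' . $html . '>', $safe);
    }

    // 3. [url] and [img]: accept only absolute http(s) URLs.
    $safe = preg_replace_callback(
        '#\[(url|img)\](.*?)\[/\1\]#su',
        function (array $m): string {
            // $m[2] is already escaped; decode a copy only to validate it.
            $url = html_entity_decode($m[2], ENT_QUOTES, 'UTF-8');
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            $ok = filter_var($url, FILTER_VALIDATE_URL) !== false
                && in_array($scheme, ['http', 'https'], true);
            if (!$ok) {
                return $m[0]; // rejected: the tag stays visible as plain text
            }
            // Output the escaped form, so it cannot break out of the attribute.
            return $m[1] === 'img'
                ? '<img src="' . $m[2] . '" alt="">'
                : '<a href="' . $m[2] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $safe
    );

    return nl2br($safe);
}

// Sample input taken from the question (shortened to three of its lines).
$texto = <<<'TXT'
<div onclick="alert('código inyectado');">Texto</div>
Y aquí una URL: [url]https://www.google.es/?gws_rd=ssl[/url]
Bueno pues vamos [b]a ver si esto funciona[/b] porque "todavía" no lo sé [i][u]bien[/u][/i]
TXT;

echo render_post($texto), PHP_EOL;
```

The div line comes out as visible text with its angle brackets and quotes still escaped, while the [url], [b], [i] and [u] tags become real elements.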