ENT_QUOTES not working

tikal

PHP 4.3.3
magic_quotes_gpc is on

I have a site where user input is taken from a form , displayed, re-edited, inserted to db etc.

The data would truncate on " so I assumed I needed a combination of addslashes and htmlspecialchars. However, the ENT_QUOTES doesn't seem to have an effect .

I tested with the following expecting the EN_QUOTE ones to translate both types of quotes:

if(isset($POST['preview'])){
$orig = $POST['inputText'];
$stripped=stripslashes($_POST['inputText']);

//typed: A'quote' is "bold
//Checked results from page source

echo htmlentities($orig)." \n";
// Outputs: A \'quote\' is \"bold

echo htmlentities($orig, ENT_QUOTES)." \n";
// Outputs: A \'quote\' is \"bold

echo htmlentities($stripped)." \n";
// Outputs: A 'quote' is "bold

echo htmlentities($stripped, ENT_QUOTES)." \n";
// Outputs: A 'quote' is "bold

echo htmlspecialchars($orig)." \n";
// Outputs: A \'quote\' is \"bold

echo htmlspecialchars($orig, ENT_QUOTES)." \n";
// Outputs: A \'quote\' is \"bold

echo htmlspecialchars($stripped)." \n";
// Outputs: A 'quote' is "bold

echo htmlspecialchars($stripped, ENT_QUOTES)." \n";
// Outputs: A 'quote' is "bold
}
else{
echo"<form action=\"entities.php\" enctype=\"application/x-www-form-urlencoded\" method=\"post\">";
echo"<input type=\"text\" name=\"inputText\">";
echo" <input type=\"submit\" name=\"preview\" value=\"Preview\">";
}

I expected the 'ENT_QUOTES' ones to change the single and double quotes.

Have I just misunderstood htmlspecialchars/htmlentities or is there another reason?

seby

why dont you use html_entity_decode its the opposite of htmlspecialchars.. that is what i use on my comment system when users want to edit a post.

tikal

Thanks for the reply.

Sorry, I'm not being clear. I was using add and strip slashes to deal with apostrophes in the form elements used to input text. However, when a " was used the input after the " was being lost so I thought I should use either htmlentities or htmlspecialchars to change the " to & quot but when I tried it had no effect.

I tested with the manual examples and noted that regardless of if I use ENT_QUOTES or not the output was wrong
e.g. in the manual example for Decoding html entities:
<snip>

$orig = "I'll \"walk\" the dog now";

$a = htmlentities($orig);

$b = html_entity_decode($a);

echo $a;

echo $b; // I'll "walk" the dog now

</snip>

echo $a; should output: I'll & quot walk & quot the dog now

but I was getting I'll "walk" the dog now

ie no " translation to & quot. I tried it with ENT_QUOTES and without but it made no difference.

Am I not understanding the php function, making a typo I'm blind to or is it a bug with my php host?

Many thanks.