I am trying to escape some users input in form. if( !empty($_SESSION[‘descr’]) ) {

Question

0

Asked: June 14, 20262026-06-14T22:39:01+00:00 2026-06-14T22:39:01+00:00

I am trying to escape some users input in form. if( !empty($_SESSION[‘descr’]) ) {

0

I am trying to escape some users input in form.

if( !empty($_SESSION['descr']) )
{
    $descr = htmlentities($_SESSION['descr']);
    $descr = stripslashes($descr);
    $descr = html_entity_decode($descr); 

    echo"<textarea cols=\"50\" rows=\"10\" name=\"descr\" >".$descr."</textarea>";
}
else
{
    echo "<textarea cols=\"50\" rows=\"10\" name=\"descr\" ></textarea>";
}

I didn’t use html_entity_decode() in the first place then I realized if a user put some French characters then it won’t show them correctly.
Is it save to use it the way it is with html_entity_decode()?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T22:39:02+00:00

Editorial Team

2026-06-14T22:39:02+00:00Added an answer on June 14, 2026 at 10:39 pm

You should change the encoding of the string to ISO-8859-15, which picks up characters that LATIN-1 misses (ie french characters):

$descr = htmlentities($desc,ENT_COMPAT,'ISO-8859-15');

ENT_COMPAT may not be the flag you are looking for, but you can find a subtitle in the manual.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am trying to escape some users input in form. if( !empty($_SESSION[‘descr’]) ) {

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply