Home/ Questions/Q 7174451
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T16:03:22+00:00

I know this must be a relatively simple problem, but Google has failed me.

  • 0

I know this must be a relatively simple problem, but Google has failed me. Say I have the following simple PHP document (no discussion on security, SQL injection, XSS, etc. This is just a simple example to illustrate my encoding problem):

<?php
if(!empty($_POST['message'])) {
    file_put_contents($filename, $_POST['message']);
}
?>
<!DOCTYPE html>
<html>
<head><meta http-equiv="content-type" content="text/html;charset=utf-8"/></head>
<body>
<form method="post" action="?">
    <textarea name="message">
    <?php echo htmlentities(file_get_contents($filename))?>
    </textarea>
    <input type="submit"/>
</form>
</body>
</html>

Now, I enter a Σ into the form and submit. When the page reloads, the textarea is filled with Σ instead of Σ.

I understand why this is (to a degree), but I do not know how to fix the post to stop it from happening. Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    htmlentities defaults to assuming ISO-8859-1 as input, but you feed it utf-8…, so a correct way would be htmlentities($string, ENT_COMPAT,"UTF-8");

    In this case I’d rather go for htmlspecialchars though, other entities shouldn’t be needed.

    • 0