On 24.06.2015 at 12:23, Clubnite wrote:
> But I prefer to learn and
> understand the motivation for the decision to use htmlentities() over
> htmlspecialchars().
> I suppose there was good reason to use htmlentities()
The use of htmlentities() is a relic from times when many browsers
had problems with UTF-8. It also converts e.g. umlauts into their entity
codes, so special characters can be addressed using any encoding.
From a security point of view, i.e., escaping HTML, htmlspecialchars() is
sufficient and thus the right choice.
Regards,
Niels
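
The point made in the reply above, as an added illustration that is not part of the original e-mail and is not Joomla code. The helper name e() and all sample strings are constructed for this example, which also shows the encoding mismatch a UTF-8 page has to handle.

```php
<?php
// Added illustration; e() is a hypothetical helper, sample strings are constructed.

// HTML escaping for a UTF-8 page.
function e(string $s): string
{
    // ENT_QUOTES: escape both " and ' so the result is safe inside quoted attributes.
    // ENT_SUBSTITUTE: replace invalid byte sequences with U+FFFD instead of
    // discarding the whole string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: markup metacharacters plus umlauts.
$input = "<a href='x' title=\"Grüße\">Müller & Söhne</a>";

$special  = e($input);
$entities = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo $special, PHP_EOL;   // umlauts stay as UTF-8 bytes
echo $entities, PHP_EOL;  // umlauts become named entities as well

// Neither output contains a raw markup metacharacter any more, so the
// extra entity conversion adds nothing for escaping purposes.
foreach (['htmlspecialchars' => $special, 'htmlentities' => $entities] as $name => $out) {
    printf("%s leaves raw metacharacters: %s\n",
        $name, preg_match('/[<>"\']/', $out) ? 'yes' : 'no');
}

// Both outputs decode back to the same text; they differ only in how
// non-ASCII letters are represented.
var_dump(html_entity_decode($special, ENT_QUOTES, 'UTF-8') === $input);
var_dump(html_entity_decode($entities, ENT_QUOTES, 'UTF-8') === $input);

// Encoding caveat: an ISO-8859-1 byte string (0xFC = ü) is not valid UTF-8.
// Without ENT_SUBSTITUTE or ENT_IGNORE, htmlspecialchars() returns an empty
// string for such input; with ENT_SUBSTITUTE the bad byte is replaced and the
// rest is still escaped.
$latin1 = "M\xFCller <b>";
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));
var_dump(e($latin1));
```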