php working htmlentities destroys utf-8 strings




print htmlentities(< p bob was here</ p ent_quotes utf 8); (4)

I got something weird happening here and I can't understand why, on my php 5.2.5 server (Just on Linux ,Windows php servers doesn't have same problem) When I use a POST Form to post the content on an input containing "é" and on the other side I

echo(htmlentities($_POST["myinput"])) 

it echos &Atilde;&copy;

But if I echo my

$_POST["myinput"] 

simply it shows "é", so this mean my htmlentities doesn't use UTF-8 by default, where can I change the Charset used by htmlentities?

I tried changing it in my php.ini default_charset = "UTF-8", but it won't work either?


From php manual : htmlentities() takes an optional third argument encoding which defines encoding used in conversion. From PHP 5.6.0, default_charset value is used as default. From PHP 5.4.0, UTF-8 is the default. PHP prior to 5.4.0, ISO-8859-1 is used as the default. Although this argument is technically optional, you are highly encouraged to specify the correct value for your code.


htmlspecialchars($str, ENT_QUOTES, "UTF-8")

This is also better at preventing xss than just htmlentities()


In version 5.4.0 the default value for the encoding parameter was changed to UTF-8.

Source: Manual


And if you don't want to worry about so many different charset codings or if htmlentities doesn't work for you, here the alternative: I used mysqli DB connection (and PHPV5) Form post for writing/inserting to MySQl DB.

$Notes = $_POST['Notes']; //can be text input or textarea.

$charset = mysqli_character_set_name($link);  //mysqli connection
printf ("To check your character set but not necessary %s\n",$charset);  

$Notes = str_replace('"', '&quot;', $Notes);  //double quotes for mailto: emails.  
$von = array("ä","ö","ü","ß","Ä","Ö","Ü"," ","é");  //to correct double whitepaces as well
$zu  = array("&auml;","&ouml;","&uuml;","&szlig;","&Auml;","&Ouml;","&Uuml;","&nbsp;","&#233;");  
$Notes = str_replace($von, $zu, $Notes);  
echo " Notes:".$Notes."<br>" ;  
$Notes = mysqli_real_escape_string($link, $Notes); //for mysqli DB connection.
// Escapes special characters in a string for use in an SQL statement

echo " Notes:".$Notes ;  //ready for inserting




php