Soaku Soaku - 4 years ago 67
PHP Question

;) emote showing when using ")

I run a forum site with some emotes. Code of one is

. Nothing weird. To parse it, I use the command

$text = str_ireplace(array(";)", ";-)", "^wink^"), "<img src='/images/emotes/wink.png' style='height: 30px;width:30px; vertical-align:text-top;'>", $text);

(sorry, if I typed something wrong. I couldn't copy-paste right now)

Everything works great, but when I tried to give an example code:


I got this in return:


I was wondering, why it happens. I also seen it on other webpage ( It only happens, if you typed
, but only replaces
. The quote signs stays.

Is there any explanation to this?

Previous edit didn't work

Answer Source

The problem is that you're replacing inside an HTML string which you've already escaped with htmlspecialchars or similar, which escapes quote marks as &quot;. So the sequence is:

  1. the user types ")
  2. the escape function escapes this as &quot;)
  3. the substitution sees the ;) and outputs &quot<img...>
  4. the browser sees the &quot and assumes you meant &quot;, so displays a quote mark and an image

This is tricky, because you can't apply the substitution before HTML-escaping, because you want to insert actual HTML for the image.

One approach would be to use a placeholder that is unambiguous, for instance your long-form ^wink^:

  1. replace instances of ;) with ^wink^
  2. escape HTML
  3. substitute ^wink^ with <img...>
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download