Soaku Soaku - 4 years ago 67
PHP Question

;) emote showing when using ")

I run a forum site with some emotes. Code of one is

;)
. Nothing weird. To parse it, I use the command

$text = str_ireplace(array(";)", ";-)", "^wink^"), "<img src='/images/emotes/wink.png' style='height: 30px;width:30px; vertical-align:text-top;'>", $text);


(sorry, if I typed something wrong. I couldn't copy-paste right now)

Everything works great, but when I tried to give an example code:

function("mind");


I got this in return:


function("mind"image);


I was wondering, why it happens. I also seen it on other webpage (mrush.net). It only happens, if you typed
")
, but only replaces
)
. The quote signs stays.

Is there any explanation to this?

EDIT 2:
Previous edit didn't work

Answer Source

The problem is that you're replacing inside an HTML string which you've already escaped with htmlspecialchars or similar, which escapes quote marks as &quot;. So the sequence is:

  1. the user types ")
  2. the escape function escapes this as &quot;)
  3. the substitution sees the ;) and outputs &quot<img...>
  4. the browser sees the &quot and assumes you meant &quot;, so displays a quote mark and an image

This is tricky, because you can't apply the substitution before HTML-escaping, because you want to insert actual HTML for the image.

One approach would be to use a placeholder that is unambiguous, for instance your long-form ^wink^:

  1. replace instances of ;) with ^wink^
  2. escape HTML
  3. substitute ^wink^ with <img...>
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download