We launched a new IT training category! Check out the 140+ courses now.

Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Encoding for HTML

From: PHP with MySQL Essential Training

Video: Encoding for HTML

In the last movie, we saw how to use PHP to encode values for use in the url string. And that's because there's certain characters that have special meaning when they're used in the url. There's another place where we have to watch out for reserved characters, to make sure we don't end up with unintended consequences. And that's in the HTML. Here's a sample block of HTML. Now, there are reserved characters in HTML that have special meaning. Most notably, the less than and greater than signs that surround the HTML tags. These characters indicate to HTML that everything inside here is an instruction for UHTML. This is something that you should follow, and use for your formatting. But don't output it to the end user.

Encoding for HTML

In the last movie, we saw how to use PHP to encode values for use in the url string. And that's because there's certain characters that have special meaning when they're used in the url. There's another place where we have to watch out for reserved characters, to make sure we don't end up with unintended consequences. And that's in the HTML. Here's a sample block of HTML. Now, there are reserved characters in HTML that have special meaning. Most notably, the less than and greater than signs that surround the HTML tags. These characters indicate to HTML that everything inside here is an instruction for UHTML. This is something that you should follow, and use for your formatting. But don't output it to the end user.

They won't actually see The results of those tags. It's just for the HTML's benefit. We want to take care that we don't output strings with characters that have special meaning to HTML, or we'll break the HTML or break our text. Imagine, for example, that in our paragraph of text there, we had a literal less than sign that we wanted to downput to the screen. As HTML is reading it, it's going to come across that less than sign and think that that's the beginning of a tag. And it will interpret everything after that as being part of a tag until it gets to a closing greater than sign. So you can see how it would break it.

There are 4 characters that are reserved characters in HTML. They're the less than sign, the greater than sign, the ampersand, and the double quote. Mostly it's going to be the less than and greater than sign that we're most concerned with. But we're going to go ahead and take care of all four of these. So that they don't cause problems for us. Now the way that we'll do that is we're going to encode them. It's the same strategy that we used with the URL string. But it's completely different. Different set of characters, different encoding. But the idea is the same. We're rendering them harmless. When we encode them for HTML we're going to do the encoding differently.

We're going to encode them into their HTML character entities. You may remember from HTML there's these character entities. They're defined by an amperstand at the beginning, an semicolon at the end and some abbreviation in the middle to indicate what character it is. HTML sees these and displays them correctly to the user, but it didn't know the difference between the encoded entity and the regular symbol. So, for example, less than sign becomes $lt;. HTML sees $lt; and outputs to the user a <, but it does not then see that < as being part of the tag.

We can encode HTML using two functions of PHP. The first one we'll look at is HTML special chars short for characters. And the other one is HTML entities. So lets try them both. So to start with lets open up basic .HTML. Let's use Save As and we'll save this as HTML encoding.PHP. There we go, HTML encoding. Now, let's first illustrate the problem. Let's say that we have a link. A href equals and inside that link we're going have text and that text is going to say Click inside less than, greater than signs and learn more. That's the text that we would like to output to the user. We would like the user to see that literal text but HTML is going to come along and it's going to read this and going to say wait a minutes. This is a less than sign.

This must be the begining of a tag. When it gets to the greater than sign, it's going to say Okay that must be the end of the tag. So, therefore this must be a tag. This is an instruction for me. Not part of the text. Let's see what that looks like. Let's save it. Come back over here. HTML encoding.PHP. And notice that click, doesn't show up, because tags don't show up. We don't see a body tag, we don't see an "A" tag, those are just instructions for HTML. So, it thinks that's what this is and it doesn't output it to the user. Even worse, let's take away the second one, let's save it again.

Now HTML is going to read it and think that all of this is one tag. All the way, until it gets to the greater than sign again. Reload the page, and you'll see that, sure enough, nothing now outputs. So this can cause a lot of problems for us. So what we need to do is encode it. We're going to use our PHP to do that. So let's start with PHP and we'll have linked text equals, and then I'm just going to take all of this and cut it and drop it into a string here. And then we'll output it using PHP Linktext. Now I haven't done anything different here except move the code into PHP.

That's it. Theres no encoding happening, we could reload the page and we'd see the exact same thing. Now though, let's try encoding and we're going to use that HTML special chars. What that's going to do is encode those four special characters for us. We've got three of those here. We've got the less than, we've got the greater than, and we've got the ampersand. Now, notice this does the encoding. It's not going to actually output them for us. We still need to have the echo, very important. So let's save it, let's go back and look at it. And sure enough, that's exactly what we expected.

That's the length that we wanted users to see on the screen. We wanted them to see the less than sign. If we go to Tools > Web Developer > Page Source, here we are, you can see that it converted them to their character entities. See how that works? That rendered them harmless. HTML was able to see that that was different than an instruction that it should process. Now there's also another function called HTML special characters decode. If you ever needed to decode it for any reason. But we typically don't, because if we're just outputting it to HTML, it's built into the HTML to do that decoding for us. To decode character entities into something that we can send back to the user, that's built in.

So that's really all there is to HTML special chars. Lets talk about HTML entities. It works just like HTML special chars does, but the difference is that all characters that have an equivalent HTML entity are translated into those entities. HTML special chars just does those four. But there's a lot of HTML character entities, bullets in dashes, trademark symbols, copyright symbols, foreign currency symbols, accident characters. All of those have HTML entities. Lets try an example with those real quick. I'm going to come back over here. I'll make a br tag.

And lets do a new block of PHP. And in it, I'm just going to put text equals and I'm going to put some special characters in here. I got the trademark symbol, the pound, the bullet, an opening curly double quote, and in dash and accinity. Those are just a few, you can try typing others yourself. So to start with, let's just echo back text. To just see what that looks like. So I'll go back over here, and we'll reload the page. Look at that, It gave me some gobbledygook, right? Not at all what I intended. Those are not the characters that I had in mind.

These are called high ASCII characters and they're handled a little differently. But, if we use our HTML entinties on it, It will now grab all of those and encode them into their HTML entity equivalent. Let's come back over here. Reload the page. And there you go. Now we see we have the correct ones. And sure enough if you go to View Page Source, you'll see that it's converted them all into their equivalent entities. So, HTML entites does more than HTML special characters does. It does not just those four, it does all of them. HTML special charts are the ones that you really have to do so that you don't break your page. HTML entities are the one that you're going to want to do just to have nice looking text.

So that's the kind of thing if you have a paragraph, and it might include some of these characters, then HTML entities would be an appropriate thing to use there. But not doing it won't break your HTML, it just might make your text look a little funny. Alright, so now that we know about URL encoding, and we know about HTML encoding. I want us to take a look at how this all fits together, because it's important to understand how the two work in conjunction. I'm going to give you just a big block here, laying out the differences, what to use when. So I'm going to have a URL page. A simple URL, then I'm going to have a parameter, and that parameter is going to have some characters in it that HTML doesn't like.

Then I'm going to have parameter 2, which has some characters that the URL string doesn't like. And then link text is going to be the same thing we just had. Click and learn more. So let's construct a URL from that. We're going to take the base of the URL. We're going to append to that, raw URL encoded, the URL page. Everything that goes to the left of the question mark uses raw URL encode. Everything that goes to the right of the question mark is going to get just URL encoded. So we do that to both of our parameters. At this point now our variable, URL, is safe to put into the query string. It's okay to use as a URL.

We can use it for our link. And it won't break the URL string. But it's not necessarily safe for the HTML. And we're about to output it into the HTML. Well, if we just echoed it into our href attribute then it could cause a problem, and break our HTML. Depending on what characters are there. So we also need to use HTML special chars here to make sure that it is not going to break the html when the link is first displayed, before it's clicked on. Up here we've taken care of after it's clicked on. This takes care of it before it's clicked on.

And the the text that we're going to use, we also want to use html special chars on. And of course, we want to echo it both times. So let's save it. Let's come back over here Let's reload the page. let me just put a
tag up here to
make it look a little nicer. There we go. Click & learn more, and that link won't go anywhere because that page doesn't exist, but you can see it at the bottom. You can see what it's going to load up. And you can see that it's perfectly safe, that this is going to be perfectly fine. It has encoded all of them that it needs for the URL string. So it's important to keep the differences straight and to understand why you're doing each one. You need to make sure that the URL is going to be safe. And then, if you're going to put it into your HTML, you want to make sure that it's safe to put it in your HTML as well.

Show transcript

This video is part of

Image for PHP with MySQL Essential Training
PHP with MySQL Essential Training

131 video lessons · 36002 viewers

Kevin Skoglund
Author

 
Expand all | Collapse all
  1. 4m 8s
    1. Welcome
      1m 0s
    2. Using the exercise files
      3m 8s
  2. 15m 6s
    1. What is PHP?
      3m 52s
    2. The history of PHP
      2m 51s
    3. Why choose PHP?
      4m 10s
    4. Installation overview
      4m 13s
  3. 54m 53s
    1. Overview
      2m 33s
    2. Working with Apache Web Server
      6m 56s
    3. Changing the document root
      7m 24s
    4. Enabling PHP
      6m 16s
    5. Upgrading PHP
      3m 30s
    6. Configuring PHP
      10m 3s
    7. Installing MySQL
      5m 46s
    8. Configuring MySQL
      7m 24s
    9. Text editor
      5m 1s
  4. 31m 25s
    1. Overview
      3m 27s
    2. Installing WampServer
      5m 46s
    3. Finding the document root
      2m 24s
    4. Configuring PHP
      8m 12s
    5. Configuring MySQL
      5m 45s
    6. Text editor
      5m 51s
  5. 19m 12s
    1. Embedding PHP code on a page
      6m 43s
    2. Outputting dynamic text
      5m 55s
    3. The operational trail
      2m 27s
    4. Inserting code comments
      4m 7s
  6. 1h 18m
    1. Variables
      7m 50s
    2. Strings
      4m 38s
    3. String functions
      8m 54s
    4. Numbers part one: Integers
      6m 27s
    5. Numbers part two: Floating points
      5m 25s
    6. Arrays
      10m 0s
    7. Associative arrays
      6m 37s
    8. Array functions
      6m 33s
    9. Booleans
      3m 50s
    10. NULL and empty
      5m 15s
    11. Type juggling and casting
      8m 27s
    12. Constants
      4m 43s
  7. 27m 37s
    1. If statements
      6m 0s
    2. Else and elseif statements
      4m 16s
    3. Logical operators
      7m 30s
    4. Switch statements
      9m 51s
  8. 42m 15s
    1. While loops
      8m 41s
    2. For loops
      5m 59s
    3. Foreach loops
      8m 16s
    4. Continue
      8m 28s
    5. Break
      4m 8s
    6. Understanding array pointers
      6m 43s
  9. 37m 25s
    1. Defining functions
      8m 25s
    2. Function arguments
      5m 32s
    3. Returning values from a function
      7m 33s
    4. Multiple return values
      4m 53s
    5. Scope and global variables
      6m 2s
    6. Setting default argument values
      5m 0s
  10. 20m 18s
    1. Common problems
      3m 47s
    2. Warnings and errors
      8m 36s
    3. Debugging and troubleshooting
      7m 55s
  11. 57m 57s
    1. Links and URLs
      5m 33s
    2. Using GET values
      5m 35s
    3. Encoding GET values
      8m 41s
    4. Encoding for HTML
      9m 26s
    5. Including and requiring files
      7m 40s
    6. Modifying headers
      6m 45s
    7. Page redirection
      6m 43s
    8. Output buffering
      7m 34s
  12. 1h 3m
    1. Building forms
      7m 28s
    2. Detecting form submissions
      5m 59s
    3. Single-page form processing
      7m 57s
    4. Validating form values
      10m 40s
    5. Problems with validation logic
      9m 54s
    6. Displaying validation errors
      7m 23s
    7. Custom validation functions
      6m 28s
    8. Single-page form with validations
      7m 25s
  13. 28m 5s
    1. Working with cookies
      2m 49s
    2. Setting cookie values
      5m 55s
    3. Reading cookie values
      6m 1s
    4. Unsetting cookie values
      4m 51s
    5. Working with sessions
      8m 29s
  14. 48m 39s
    1. MySQL introduction
      6m 43s
    2. Creating a database
      7m 41s
    3. Creating a database table
      7m 42s
    4. CRUD in MySQL
      5m 48s
    5. Populating a MySQL database
      7m 32s
    6. Relational database tables
      6m 40s
    7. Populating the relational table
      6m 33s
  15. 56m 4s
    1. Database APIs in PHP
      4m 51s
    2. Connecting to MySQL with PHP
      7m 45s
    3. Retrieving data from MySQL
      8m 47s
    4. Working with retrieved data
      6m 12s
    5. Creating records with PHP
      6m 58s
    6. Updating and deleting records with PHP
      9m 6s
    7. SQL injection
      3m 5s
    8. Escaping strings for MySQL
      6m 45s
    9. Introducing prepared statements
      2m 35s
  16. 35m 58s
    1. Blueprinting the application
      7m 19s
    2. Building the CMS database
      5m 14s
    3. Establishing your work area
      4m 38s
    4. Creating and styling the first page
      4m 22s
    5. Making page assets reusable
      6m 36s
    6. Connecting the application to the database
      7m 49s
  17. 32m 49s
    1. Adding pages to the navigation subjects
      5m 58s
    2. Refactoring the navigation
      6m 7s
    3. Selecting pages from the navigation
      6m 2s
    4. Highlighting the current page
      5m 26s
    5. Moving the navigation to a function
      9m 16s
  18. 1h 45m
    1. Finding a subject in the database
      9m 48s
    2. Refactoring the page selection
      10m 52s
    3. Creating a new subject form
      6m 55s
    4. Processing form values and adding subjects
      11m 20s
    5. Passing data in the session
      9m 16s
    6. Validating form values
      9m 40s
    7. Creating an edit subject form
      8m 30s
    8. Using single-page submission
      7m 44s
    9. Deleting a subject
      9m 44s
    10. Cleaning up
      10m 37s
    11. Assignment: Pages CRUD
      4m 30s
    12. Assignment results: Pages CRUD
      6m 10s
  19. 39m 26s
    1. The public appearance
      8m 52s
    2. Using a context for conditional code
      11m 37s
    3. Adding a default subject behavior
      6m 9s
    4. The public content area
      5m 51s
    5. Protecting page visibility
      6m 57s
  20. 1h 3m
    1. User authentication overview
      4m 3s
    2. Admin CRUD
      8m 41s
    3. Encrypting passwords
      7m 26s
    4. Salting passwords
      5m 42s
    5. Adding password encryption to CMS
      11m 54s
    6. New PHP password functions
      3m 13s
    7. Creating a login system
      11m 28s
    8. Checking for authorization
      5m 48s
    9. Creating a logout page
      5m 40s
  21. 2m 4s
    1. Next steps
      2m 4s

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed PHP with MySQL Essential Training.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferences from the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Are you sure you want to delete this note?

No

Your file was successfully uploaded.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.