
PHP CRUD Operations with PHP Creating Records Remembering Form Data

Martin Park
12,792 Points

Problem with filter_input (FILTER_SANITIZE_STRING) and HTMLSPECIALCHARS in this video [Turning ' into &#039;]

So I stumbled upon this error during the course. If you enter "Martin's Task" in the Task Title and fill in all fields, it works fine. If you miss out one field, so that the "Please fill in the required fields: Project, Title Date and Time" message is displayed, "Martin's Task" turns into "Martin&#039;s Task" <<It even happens here: I am typing &#039 ; and it converts it to a '.

If you remove either FILTER_SANITIZE_STRING or HTMLSPECIALCHARS the problem vanishes.

I looked up the teacher's notes and saw that HTMLSPECIALCHARS turns ' (single quote) into &#039 ; I tried to use "ENT_NOQUOTES" (see below) so that the quote symbols are not encoded, but it didn't fix the error, which I cannot understand.

ENT_NOQUOTES Will leave both double and single quotes unconverted.

From what I understand, FILTER_SANITIZE_STRING removes HTML like <b>.

So ultimately I want to know WHY this is happening, and how should you fix it? Should you only use one of FILTER_SANITIZE_STRING or HTMLSPECIALCHARS?

Should we not encode single quotes in places like a title, where it might be something like Martin's Project, Assassin's Creed, The Devil's Rejects etc.?

EDIT: Finally I found that using the following works (FILTER_FLAG_NO_ENCODE_QUOTES), but now I am really confused about what we are actually doing with both these functions. Are they not essentially doing the same thing?

$title = trim(filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
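The double encoding described in the post, reproduced as an added example (not code from the post or the Treehouse course): filter_var() stands in for filter_input() so the script runs stand-alone, and $input and the three function names are assumptions.

```php
<?php
// Added example, not code from the original post or the Treehouse course.
// filter_var() is used in place of filter_input() so this runs stand-alone;
// the filter constant and flags are identical. $input is a constructed value.

// What the course code does: sanitize on input, then escape on output.
function sanitizeThenEscape(string $raw): string
{
    // FILTER_SANITIZE_STRING strips tags AND HTML-encodes quotes (' -> &#39;).
    // It is deprecated as of PHP 8.1; kept here only to reproduce the problem.
    $title = trim(filter_var($raw, FILTER_SANITIZE_STRING));
    // htmlspecialchars() now sees &#39; and encodes its & as &amp;, so the
    // browser renders the literal text &#39; instead of a quote. ENT_NOQUOTES
    // cannot help: the quote is already gone, only an & is left to encode.
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// The fix found in the post: stop the input filter encoding quotes, so the
// quote is encoded exactly once, by htmlspecialchars() at output time.
function sanitizeNoQuotesThenEscape(string $raw): string
{
    $title = trim(filter_var($raw, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Alternative: do not mangle the input at all. Store the title as typed and
// escape once, at output. htmlspecialchars() alone keeps any <b> or <script>
// in the title from being interpreted by the browser, and the stored data
// stays intact for other uses (searching, JSON, plain-text email).
function escapeOnOutputOnly(string $raw): string
{
    return htmlspecialchars(trim($raw), ENT_QUOTES, 'UTF-8');
}

$input = "Martin's Task <b>bold</b>"; // constructed form value

foreach (['sanitizeThenEscape', 'sanitizeNoQuotesThenEscape', 'escapeOnOutputOnly'] as $fn) {
    printf("%-28s %s\n", $fn . ':', $fn($input));
}
```

Only the first function produces the broken title; the other two encode the quote once, and the third also shows why escaping at output is sufficient on its own.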