Beware of doubly escaped ampersands

It's not uncommon to see web pages with text showing incorrectly as "blah" instead of "blah". (A simple search for the text '"' will return numerous examples of such errors.)

This is caused by overzealous escaping of special characters. The ampersand character '&', in particular, is doubly special: it is both a special character, and forms part of the escape mechanism itself, as in '>' and '"'.

If text containing any special character is escaped twice, then the above mentioned problem occurs. A simple example shows why :

The most common cause of such double escaping occurs by: Since the escaping is related to HTML - that is, to the presentation layer - it's recommended that the database not store data is its escaped form.

See Also :
Escape special characters
Beware of common hacks
Would you use this technique?
Yes   No   Undecided   
© 2018 Hirondelle Systems | Source Code | Contact | License | RSS
Individual code snippets can be used under this BSD license - Last updated on September 21, 2013.
Over 2,000,000 unique IPs last year - Built with WEB4J.
- In Memoriam : Bill Dirani -