Related Topics
No topics are associated with this blog
When creating scripts that allow a user to edit HTML, you have to ensure that the browser doesn't confuse the input with HTML to be rendered. I struggled with this long and hard and throughout the utilities section of this website are various hacks that I created with brute force. They work, but they are mostly ugly and all were time consuming.
Well, guess what? The PHP manual has a section on this subject and the solution is really rather elegant. Chaper 56. PHP and HTML. It's worth reading, but the essential bits are reproduced below:
Example 56-1. A hidden HTML form element
<?php
echo "<input type='hidden' value='" . htmlspecialchars($data) . "' />\n";
?>
Example 56-2. Data to be edited by the user
<?php
echo "<textarea name='mydata'>\n";
echo htmlspecialchars($data)."\n";
echo "</textarea>";
?>
Example 56-3. In a URL
<?php
echo "<a href='" . htmlspecialchars("/nextpage.php?stage=23&data=" .
urlencode($data)) . "'>\n";
?>
Originally published: Monday, August 07, 2006; most-recently modified: Monday, June 04, 2012