When creating scripts that allow a user to edit HTML, you have to ensure that the browser doesn't confuse the input with HTML to be rendered. I struggled with this long and hard, and throughout the utilities section of this website are various hacks that I created with brute force. They work, but they are mostly ugly and all were time-consuming.
Well, guess what? The PHP manual has a section on this subject, and the solution is really rather elegant: Chapter 56, PHP and HTML. It's worth reading, but the essential bits are reproduced below:
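Example 56-1. A hidden HTML form element

    <?php
        // ENT_QUOTES: the attribute is single-quoted, and before PHP 8.1
        // the default flags (ENT_COMPAT) left ' unescaped.
        echo "<input type='hidden' value='" . htmlspecialchars($data, ENT_QUOTES) . "' />\n";
    ?>

Example 56-2. Data to be edited by the user

    <?php
        echo "<textarea name='mydata'>\n";
        echo htmlspecialchars($data)."\n";
        echo "</textarea>";
    ?>

Example 56-3. In a URL

    <?php
        // urlencode() makes $data safe inside the query string;
        // htmlspecialchars() then encodes the & separators for the HTML attribute.
        echo "<a href='" . htmlspecialchars("/nextpage.php?stage=23&data=" . urlencode($data)) . "'>\n";
    ?>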
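The three contexts above, wrapped as helpers with explicit flags and run on input that contains markup and both kinds of quote. This is an added example, not code from the PHP manual or the original post; the helper names (attr, hidden_field, textarea, link_to) and the sample $data are constructed for illustration.

```php
<?php
// Added example. Helper names and sample data are assumptions, not from the manual.

function attr(string $s): string {
    // ENT_QUOTES escapes both " and ', so the result is safe in either quoting style.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function hidden_field(string $name, string $value): string {
    return "<input type='hidden' name='" . attr($name) . "' value='" . attr($value) . "' />";
}

function textarea(string $name, string $value): string {
    // Encoding < and > keeps a "</textarea>" inside the data from closing the element.
    return "<textarea name='" . attr($name) . "'>\n" . attr($value) . "</textarea>";
}

function link_to(string $path, array $params, string $label): string {
    // Step 1: URL-encode every value (explicit '&' separator, independent of php.ini).
    $url = $path . '?' . http_build_query($params, '', '&');
    // Step 2: HTML-encode the finished URL for the attribute.
    return "<a href='" . attr($url) . "'>" . attr($label) . "</a>";
}

// Constructed input: HTML that a user might legitimately want to edit.
$data = "</textarea><p class='note'>Tom & Jerry's \"draft\"</p>";

echo hidden_field('orig', $data), "\n";
echo textarea('mydata', $data), "\n";
echo link_to('/nextpage.php', ['stage' => 23, 'data' => $data], 'Next'), "\n";

// Effect of the flags: ENT_COMPAT was the default before PHP 8.1.
$compat = htmlspecialchars($data, ENT_COMPAT, 'UTF-8');
$quotes = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
var_dump(strpos($compat, "'") !== false); // does a literal ' survive ENT_COMPAT?
var_dump(strpos($quotes, "'") === false); // is every ' encoded under ENT_QUOTES?

// The browser decodes entities before submitting the form, so the receiving
// script sees the original text; decoding here stands in for that step.
var_dump(htmlspecialchars_decode($quotes, ENT_QUOTES) === $data);
```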
Originally published: Monday, August 07, 2006; most-recently modified: Monday, June 04, 2012