PeterMartin

htmlentities() was exactly what was needed. It now works perfectly. Thank you so much!

<?php $fspec = base64_decode($_GET['q']); if (isset($_POST['content'])) { if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true); file_put_contents($fspec,stripslashes($_POST['content'])); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit template</title> <style type="text/css"> body { background-color:#fff; font-family:arial,verdana; font-size:10pt; } </style> </head> <body> <div style="background-color:#fff;"> <form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> <div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div> <div> <input type="submit" value="Save" /> <a href="javascript:window.close();">Close window</a> </div> </form> </div> </body> </html> This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to <a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a> The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above. Am I missing something obvious? Thanks in advance.