I have a form with a text area where users can input HTML code. That is then stored in a field of a MySQL table.
On another page, this HTML code must be selected from the table and echoed, so that the processed HTML code is what will appear in the browser.
Problem is, there are symbols in the HTML code, such as single quotation marks, that will kill the syntax of the MySQL UPDATE statement and allow for MySQL injection attacks. To avoid this, I usually put "htmlentities($content, ENT_QUOTES)" instead of simply "$content" into the MySQL statement. However, if I do this, when I SELECT the info to output in another HTML page, it is not processed by the HTML, as all HTML symbols have been translated into their character codes...
So which PHP functions should I use to encode and decode my content (in this case HTML code) to suit this scenario?
Thanks.
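
Added example (not part of the original post): one way to handle the scenario described above is to store the HTML unmodified through a bound parameter and to choose the encoding only at output time. It uses PDO with an in-memory SQLite database so that it runs offline; the `pages` table, its columns, the `render()` helper and the sample input are constructed for illustration.

```php
<?php
// SQLite in memory stands in for MySQL here (assumption, so the script runs
// offline). With MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, content TEXT)');
$pdo->exec("INSERT INTO pages (id, content) VALUES (1, ''), (2, 'other row')");

// Constructed sample input: HTML with single and double quotes, followed by a
// fragment that would alter the statement if it were concatenated into SQL.
$content = "<p class='note'>It's \"quoted\"</p>' WHERE 1=1 -- ";

// Bound parameters: the value is sent as data, separate from the SQL text,
// so quotes need no escaping and no htmlentities() call before storage.
$update = $pdo->prepare('UPDATE pages SET content = :content WHERE id = :id');
$update->execute([':content' => $content, ':id' => 1]);

$select = $pdo->prepare('SELECT content FROM pages WHERE id = :id');
$select->execute([':id' => 1]);
$stored = $select->fetchColumn();
$other  = $pdo->query('SELECT content FROM pages WHERE id = 2')->fetchColumn();

// The stored value is byte-for-byte what was submitted, and row 2 is untouched.
var_dump($stored === $content);
var_dump($other === 'other row');

// Hypothetical helper: encoding is an output decision, made per context.
function render(string $html, bool $asMarkup): string
{
    if ($asMarkup) {
        // Browser interprets the tags. If the authors are not trusted, pass
        // the value through an allow-list HTML sanitizer before this point,
        // because echoing user-supplied markup as-is is stored XSS.
        return $html;
    }
    // Show the source as literal text, e.g. inside an edit preview.
    return htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
}

echo render($stored, true), "\n";   // rendered as HTML by the browser
echo render($stored, false), "\n";  // displayed as visible source code
```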