desjardins2010 Posted March 19, 2014

Hey, me again. When storing data to a MySQL DB I want to ensure it's safe. The data I need to store is HTML code, so in essence it could be a whole page of HTML depending on what the user creates. I want them to be able to paste their HTML code, store it and have it displayed on a page. So would I just be OK using htmlentities(), or something else, or something in addition, and have it not lose its HTML properties?

kicken Posted March 20, 2014

As far as storing it into the database, you just need to use proper escaping or (preferably) bound parameters to pass the data into the query. For example:

    // The HTML travels as a bound parameter, never as part of the SQL string
    $stmt = $db->prepare('INSERT INTO table (html) VALUES (:html)');
    $stmt->bindValue(':html', $theHtmlCode);
    $stmt->execute();

When it comes time to display the HTML, you need to decide what kind of filtering you want to do. If you want to show the code as text rather than have it interpreted, you'd simply run it through htmlentities() or htmlspecialchars(). If you want to have the HTML interpreted, but only certain tags, you then would need to use some kind of filtering, which can be very complicated and is generally best avoided.
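
The round trip described in the reply above, as an added example that is not part of either post: the HTML is stored unchanged through a bound parameter and escaped only when it is shown as text. Assumptions: an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL, and the table name `snippets`, the helper function names and the sample input are constructed for illustration.

```php
<?php
// Added example: store user-supplied HTML unchanged, escape only at output time.
// Assumptions: in-memory SQLite stands in for MySQL; the table `snippets`,
// the helper names and the sample input are constructed for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, html TEXT NOT NULL)');

/** Store the markup exactly as submitted; the bound parameter keeps it out of the SQL text. */
function saveHtml(PDO $db, string $html): int
{
    $stmt = $db->prepare('INSERT INTO snippets (html) VALUES (:html)');
    $stmt->bindValue(':html', $html, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

/** Fetch the stored markup, byte for byte. */
function loadHtml(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT html FROM snippets WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $html = $stmt->fetchColumn();
    return $html === false ? null : $html;
}

/** Render the markup as visible source text instead of letting the browser interpret it. */
function showAsText(string $html): string
{
    return '<pre>' . htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample: both quote styles and a script tag, as a user might paste.
$submitted = "<p class='note'>Tom's \"page\"</p><script>alert(1)</script>";

$id = saveHtml($db, $submitted);
$stored = loadHtml($db, $id);

var_dump($stored === $submitted);   // compares the stored value with the submitted one
echo showAsText($stored), PHP_EOL;  // escaped form, for embedding in a page as text
```

Escaping with htmlentities() before the INSERT would store the entity-encoded text instead of the markup, which is why the escaping step sits in the display helper rather than in `saveHtml()`.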