question about storing data


desjardins2010

Hey Me again;

 

When storing data to a MySQL DB I want to ensure it's safe. The data I need to store is HTML code, so in essence it could be a whole page of HTML depending on what the user creates. I want them to be able to paste their HTML code, store it and have it displayed on a page.

So would I be OK just using htmlentities(), or something else, or something in addition?

And have it not lose its HTML properties.


As far as storing it into the database, you just need to use proper escaping or (preferably) bound parameters to pass the data into the query. For example:

// $db is an existing PDO connection; "table" is a placeholder table name
$stmt = $db->prepare('INSERT INTO table (html) VALUES (:html)');
// The HTML is sent as a bound value, never concatenated into the SQL text
$stmt->bindValue(':html', $theHtmlCode);
$stmt->execute();

When it comes time to display the HTML you need to decide what kind of filtering you want to do. If you want to show the code as text rather than have it interpreted you'd simply run it through htmlentities() or htmlspecialchars(). If you want to have the HTML interpreted but only certain tags you then would need to use some kind of filtering which can be very complicated and generally best avoided.
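
The store-raw, escape-on-output flow from the reply above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database through PDO so it runs without a MySQL server; the `pages` table and the helper names `storeHtml`, `loadHtml` and `showAsText` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL so the example runs offline;
// the prepare/bindValue/execute calls are the same with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, html TEXT NOT NULL)');

// Hypothetical helper: store the HTML exactly as submitted, via a bound parameter.
function storeHtml(PDO $db, string $html): int
{
    $stmt = $db->prepare('INSERT INTO pages (html) VALUES (:html)');
    $stmt->bindValue(':html', $html, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Hypothetical helper: read the stored HTML back, or null if the row is missing.
function loadHtml(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT html FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $html = $stmt->fetchColumn();
    return $html === false ? null : $html;
}

// Escaping happens at output time, and only when the code should be shown as text.
function showAsText(string $html): string
{
    return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: quotes that would break a concatenated query,
// plus markup that must not run on a page that is only meant to show the code.
$submitted = "<p class='x'>It's \"quoted\"</p><script>alert(1)</script>";

$id = storeHtml($db, $submitted);
$stored = loadHtml($db, $id);

// The database holds the original markup; nothing was entity-encoded on the way in.
var_dump($stored === $submitted);
// The escaped form is what goes into the page when the code is displayed as text.
echo showAsText($stored), PHP_EOL;
```

Because the stored value is the unmodified HTML, the decision between showing it as text and filtering it for rendering can still be made, or changed, at display time.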
