majocmatt, Posted March 21, 2007

I have a site where I let users input text into my mysql database. I run their inputs through mysql_real_escape_string before I enter it into the DB and on the output I run it through htmlspecialchars.

My question is: How can I add the ability for users to add things such as hyperlinks or images when all the <> brackets and such are converted to their entity counterpart? I don't want them to actually be able to input HTML, or scripts, but I would like to give them the freedom to insert hyperlinks and images, that will parse correctly on the viewing page. What's the best way around this?

Orio, Posted March 21, 2007

Look into BBCode.

Orio.
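
An added example, not part of the thread and not taken from any BBCode library, of the approach suggested above: escape the whole input with htmlspecialchars first, then convert a small set of BBCode tags back into markup. The function names `bb_safe_url` and `bb_render`, the two supported tags, and the http/https allow-list are assumptions made for this sketch.

```php
<?php
// Added example: minimal BBCode renderer (function names are hypothetical).

// Accept only absolute http(s) URLs; rejects javascript:, data:, relative paths.
function bb_safe_url(string $escapedUrl): ?string
{
    // The text was already escaped, so decode before validating.
    $url = htmlspecialchars_decode($escapedUrl, ENT_QUOTES);
    if (preg_match('/[\x00-\x20"\'<>]/', $url)) {
        return null; // control chars, whitespace, quotes or angle brackets
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true) || !parse_url($url, PHP_URL_HOST)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); // re-escape for the attribute
}

function bb_render(string $raw): string
{
    // 1. Escape everything, so no user-supplied HTML survives.
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. [url=...]label[/url]: emit a link only if the URL passes the allow-list.
    $html = preg_replace_callback(
        '~\[url=([^\]\s]+)\]([^\[\]]+)\[/url\]~i',
        function (array $m): string {
            $url = bb_safe_url($m[1]);
            return $url === null ? $m[0] // leave rejected tags as inert text
                : '<a href="' . $url . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );

    // 3. [img]...[/img]: same URL check, fixed attribute set.
    $html = preg_replace_callback(
        '~\[img\]([^\[\]\s]+)\[/img\]~i',
        function (array $m): string {
            $url = bb_safe_url($m[1]);
            return $url === null ? $m[0] : '<img src="' . $url . '" alt="">';
        },
        $html
    );
    return nl2br($html);
}

// Constructed sample input: a valid link, a script-scheme link, raw HTML, an image.
$sample = "[url=https://example.com/?a=1&b=2]docs[/url] "
        . "[url=javascript:alert(1)]x[/url] <script>alert(1)</script> "
        . "[img]https://example.com/cat.png[/img]";
echo bb_render($sample), "\n";
```

The order matters: because escaping happens before tag conversion, the only markup in the output is what the renderer itself emits, and a tag whose URL fails validation is shown as plain text.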