Someone please help - PHP question

Question

hypno2000 0 Newbie Poster

12 Years Ago

allow HTML in text area - PHP

Postby hypno » Sun Nov 13, 2011 9:56 pm
I am working on php based site.( :( and I am a newbie in PHP) .

A upload form is part of the site. When tested submiting the form, whatever HTML tag I input , it is not rendering HTML but simple plain text with tags like this <b>Bold</b> and not like Bold.

I searched whole folders and php files for "strip_tags", then disabled it. However it still not rendering HTML upon form submission.

I want to enable at least 1 text input area to be html tag acceptable. At least <a> tag.

Any clues? is there any other fuction which has disabled HTML tag input? Or do I need to enable anything in the database?

Sorry I dont have much experience in this matter, I am learning slowly.

Thanks for all for reading this.
Cheers.

php

2 Contributors
1 Reply
148 Views
9 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by diafol

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

diafol · Answer 1 · 2011-11-17T00:33:47+00:00

I don't follow what you're trying to do. Are you typing/pasting html format text into a textarea and then posting the form?
You then pick this up in the form of something like $_POST

What do you do then? If you use htmlentities() or htmlspecialchars() is will change <, > etc to < and > html encoded characters. It shouldn't do this by itself.

If you want to save this to DB in html encoded format, that's OK - you can change it back for output thus:

echo html_entity_decode($var);

or

echo htmlspecialchars_decode($var);

An advantage of storing html encodeds and echoing as are is for showing html (and other markup/languages) as code. But I don't think you need this.

You should search for '<script' though - you need to strip that if possible as it could be malicious. In addition if you're not using PDO or MySQLi, you'll need to use mysql_real_escape_string() to prevent problems with the query itself.