Well, i am making a blog in which i have to show images and links in my every post.So i have to use <a> & <img> tags in my post. but I m also using htmlentities function for "post" string variable ( like this -- <?php echo htmlentities($post); ?> ) to prevent sql injection attack. this htmlentities function will show my tags as text .So is there any way to escape these tags from htmlentities function???
i hope you have understand what i am trying to say .
waiting for any reply .....
aaloo
12
Junior Poster in Training
Recommended Answers
Jump to Postuse mysql_real_escape_string() to escape. Keep the html as is. You can use strip_tags():
http://php.net/manual/en/function.strip-tags.phpto allow certain tags only, e.g. anchor and image. The main problem with allowing html is <script> and badly …
All 3 Replies
Reply to this topic
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.