If some users insert data like
";:<script><html>< // >@@#";

then I sanitize this data to something like
&quot;;:&lt;script&gt;&lt;html&gt;&lt; // &gt;@@
before inserting it into the db.
When I print this from the db to HTML:

Inside a <p> tag it's cool, but inside an h1 tag it prints as it is:
<h1>&quot;;:&lt;script&gt;&lt;html&gt;&lt; // &gt;@@</h1>
output: &quot;;:&lt;script&gt;&lt;html&gt;&lt; // &gt;@@

<p>&quot;;:&lt;script&gt;&lt;html&gt;&lt; // &gt;@@</p>
output: ";:<script><html>< // >@@#";

Now I need to correct the h1 tag to make it similar to the <p> tag.

Thanks

diafol

You need to html_entity_decode() the string before outputting to html. If you check out your database entry (through phpmyadmin or whatever it's called or a good GUI), you'll probably see that the &quot; .... has changed to &amp;quot; ....
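
An added example (not part of the original posts) showing the double encoding described in the answer, and the alternative of storing the raw value and escaping exactly once at output so that `<script>` never reaches the page as markup. The helper name `e()` and the assumption that the `<h1>` path escapes the value a second time are mine, not the thread's.

```php
<?php
// Constructed sample input, copied from the question.
$raw = '";:<script><html>< // >@@#";';

// Hypothetical helper: escape a value for an HTML text context.
// The same escaping is correct inside <h1> and inside <p>.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Escaping before the insert and again at output double-encodes.
$stored  = e($raw);      // what ends up in the database
$printed = e($stored);   // what ends up in the page source
echo "stored : {$stored}\n";   // &quot;;:&lt;script&gt;...
echo "printed: {$printed}\n";  // &amp;quot;;:&amp;lt;script&amp;gt;...
// The browser decodes one level only, so the reader sees the literal
// text &quot;;:&lt;script&gt;... instead of ";:<script>...

// 2. Preferred: store the raw value (insert it with a parameterised
//    query) and escape once, at the point of output.
$safe = e($raw);
echo "<h1>{$safe}</h1>\n";
echo "<p>{$safe}</p>\n";

// 3. Rows that were already stored encoded: decode one level, then
//    escape again, so the decoded markup is never echoed directly.
$decoded = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
$legacy  = e($decoded);
var_dump($decoded === $raw);  // bool(true): one level removed
var_dump($legacy === $safe);  // bool(true): same output as case 2

// 4. double_encode = false leaves existing entities alone, which hides
//    the symptom but cannot tell stored entities from text a user
//    really typed as "&quot;".
$lenient = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false);
var_dump($lenient === $stored);  // bool(true)
```

Echoing `$decoded` without the final `e()` call would put the user's original `<script>` text into the page as markup, which is why case 3 re-escapes it.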
