I have a form which will get user information, I am parsing most of the text already. I have set up a [code] tag which will allow users to insert any code they like. Once it's submitted, it will have syntax highlighting, etc. The problem I am running into is that when using htmlentities, htmlspecialchars, or similar to sanitize bad input, we get left with some funky looking outputs sometimes from inside the [code] block. I wish for this to look exactly how the user enters it, but to not actually do any actions on the website. For instance, echo('test'); becomes echo(\'test\'); eliminating the highlighting for the string. I wish for this to be displayed exactly as: echo('test'); however, it should not execute anything to remain safe.
Thanks in advance.
