
I have a PHP project that allows users to submit an article / tutorial, and before I insert the data into my database I do

        $content1 = htmlspecialchars($userscontent);
        $content = htmlentities($content1, ENT_QUOTES);

for safety purposes, and when I output the data from my database I decode it. Now I want that text to be structured and not just written on one line, and I also want to add the ability to add images to the articles, and I have no idea which is the best way to go about this.

Any help is appreciated.

  • Uhm, what happens when you try it now? Is it stripping content? – Mikel Bitson Nov 05 '15 at 16:27
  • Yes it is definitely stripping the content, but how would I allow users to add images with, let's say, HTML? – user3929828 Nov 05 '15 at 16:29
  • Sanitise the HTML with something like : http://htmlpurifier.org/ - it's perfectly fine to store unescaped HTML data in the database; `htmlentities()` should be avoided unless it's **absolutely** necessary - it causes far more problems than it solves, better off just ensuring you're using UTF-8 all the way through : http://stackoverflow.com/questions/279170/utf-8-all-the-way-through/279279 – CD001 Nov 05 '15 at 16:29
  • Allowing the user to add an image will require an HTML file field or some advanced javascript. I'd look into using a WYSIWYG, like TinyMCE. http://www.tinymce.com/ – Mikel Bitson Nov 05 '15 at 16:30
  • Alright, I think I confused way too many people with my htmlspecialchars stuff, but yeah, the main point was to just allow the user to add images and structuring to their articles. – user3929828 Nov 05 '15 at 16:35

1 Answer


Could you not just use the decode?

$result1 = html_entity_decode($result, ENT_QUOTES);

$result = htmlspecialchars_decode($result1);

References:

  • html_entity_decode
  • htmlspecialchars_decode

Although, I would definitely recommend doing what @CD001 says and use the HtmlPurifier library.

chrisShick
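Worth making explicit for anyone landing here: once `html_entity_decode()` / `htmlspecialchars_decode()` run at output time, the browser receives the user's original markup, so escaping at insert time buys nothing and the real control is the one CD001 describes, an allowlist sanitizer applied to the HTML. The following is an added example, not code from the question, the answer, or the HTML Purifier project: a minimal allowlist sanitizer built on PHP's built-in DOMDocument that keeps structural tags and `<img>` with http(s) sources and strips everything else (scripts, event handlers, `javascript:` URLs). The names `ALLOWED_TAGS`, `DROP_WITH_CONTENT`, `sanitizeArticleHtml`, `cleanNode` and `isSafeUrl`, and the sample input, are this example's own.

```php
<?php
// Added example, not code from the question, the answer, or HTML Purifier.
// Allowlist sanitizer for user-submitted article HTML on top of DOMDocument:
// keep structural tags and <img>, drop scripts, handlers and unsafe URLs.
// ALLOWED_TAGS, DROP_WITH_CONTENT, sanitizeArticleHtml, cleanNode and
// isSafeUrl are names chosen for this example, not a library API.

// Tag => attributes permitted on it. Anything not listed is stripped.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'b' => [], 'i' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'h2' => [], 'h3' => [],
    'blockquote' => [], 'pre' => [], 'code' => [],
    'a'   => ['href'],
    'img' => ['src', 'alt'],
];

// Elements whose content must not survive even as plain text.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'noscript'];

// Only absolute http(s) URLs may appear in href/src; this rejects
// javascript:, data:, vbscript: and similar schemes.
function isSafeUrl(string $url): bool
{
    return (bool) preg_match('#^https?://[^\s"\'<>]+$#i', trim($url));
}

function sanitizeArticleHtml(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed input is expected, stay quiet
    // The <?xml encoding> prefix makes libxml read the fragment as UTF-8;
    // libxml wraps whatever follows in <html><body>, which we then walk.
    $doc->loadHTML('<?xml encoding="utf-8" ?>' . $html, LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    cleanNode($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function cleanNode(DOMNode $node): void
{
    // Walk a snapshot of the children; the loop mutates the live list.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);

            if (in_array($tag, DROP_WITH_CONTENT, true)) {
                $node->removeChild($child);
                continue;
            }
            if (!isset(ALLOWED_TAGS[$tag])) {
                // Unknown but harmless tag (span, div, font, ...): sanitize its
                // subtree first, then unwrap it so the text inside is kept.
                cleanNode($child);
                while ($child->firstChild !== null) {
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
                continue;
            }
            // Allowed tag: drop every attribute not on its allowlist (this covers
            // onclick/onerror handlers and style) and vet URL-bearing ones.
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, ALLOWED_TAGS[$tag], true)
                    && (!in_array($name, ['href', 'src'], true) || isSafeUrl($attr->value));
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
            cleanNode($child);
        } elseif (!($child instanceof DOMText)) {
            // Comments and processing instructions add nothing to an article.
            $node->removeChild($child);
        }
    }
}

// Constructed sample input: heading, paragraph and image (kept) next to an
// event handler, a script block and a javascript: link (all removed).
$submitted = '<h2>Title</h2><p onclick="x()">Hello <b>world</b></p>'
    . '<img src="https://example.com/pic.png" alt="pic" onerror="x()">'
    . '<script>x()</script><a href="javascript:x()">link</a>';
echo sanitizeArticleHtml($submitted), PHP_EOL;
```

Usage pattern: run the sanitizer once on the submitted article, store the cleaned HTML as-is, and print it directly on output; plain-text fields (titles, usernames) are instead escaped with `htmlspecialchars()` at output time, never at insert time. The images themselves can then be either URLs the author pastes or files uploaded through a form field that your code stores and turns into an `<img src>` pointing at your own host. A maintained library such as HTML Purifier covers far more than this sketch (CSS, nested edge cases, URI schemes, IDN), which is why it remains the recommendation above.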