3

I am inserting the user input into a DB using PHP.

Can I replace the special characters in the input with HTML characters, like: & = `&amp;`, ' = `&apos;`?

I only want the special characters to be replaced.

The user has to choose to format the design of his profile, so the text editor puts millions of divs with ids inside my table. This way they would get converted into "safe" strings.

    <div id='test'>my name is john</div>

Should output:

    &lt;div id&equals;&apos;test&apos;&gt;my name is john&lt;&sol;div&gt;

https://dev.w3.org/html5/html-author/charref

Dharman
  • I think preg_replace won't work for me because I want every special character converted to HTML, not one or 2 specific ones to 1 or 2 others – Burak Topal Apr 17 '16 at 11:43
  • 1
    Without a more accurate example of what you are actually trying to replace we will just be guessing – RiggsFolly Apr 17 '16 at 11:48
  • There is a standard way to do this on every platform. Under no circumstances use regular expressions. You need to tell us what platform you are using, perhaps show some code – Pekka Apr 17 '16 at 12:13
  • Does this answer your question? [How to prevent XSS with HTML/PHP?](https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php) – Dharman Feb 28 '20 at 19:50
  • There are many answers on this question: "PHP - Convert Special Characters to HTML Entities" https://stackoverflow.com/q/4808373/2430549 What have you tried? – HoldOffHunger Feb 28 '20 at 20:42

1 Answer

0

This function could help you: htmlentities.
More info about this function here.

Subrata
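
An added example, not part of the original answer: it runs the question's sample string through `htmlentities` (every character that has a named entity) and `htmlspecialchars` (only `&`, `<`, `>` and the quotes), then checks that no raw markup character survives and that decoding restores the input. The helper names and the extra sample strings are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences with U+FFFD instead of returning an empty string, and
// ENT_HTML5 selects the HTML5 entity table.
const ENCODE_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

/** Hypothetical helper: encode every character that has a named entity. */
function encode_all_entities(string $input): string
{
    return htmlentities($input, ENCODE_FLAGS, 'UTF-8');
}

/** Hypothetical helper: encode only the markup-significant characters. */
function encode_markup_only(string $input): string
{
    return htmlspecialchars($input, ENCODE_FLAGS, 'UTF-8');
}

// Constructed sample inputs; the first is the string from the question.
$samples = [
    "<div id='test'>my name is john</div>",
    "Tom & Jerry said \"hi\" in <b>bold</b>",
    "Café Ünal & Söhne",
];

foreach ($samples as $raw) {
    $all    = encode_all_entities($raw);
    $markup = encode_markup_only($raw);

    foreach ([$all, $markup] as $encoded) {
        // No raw tag delimiter or quote may be left in the encoded text.
        if (strpbrk($encoded, "<>\"'") !== false) {
            throw new RuntimeException('unencoded markup character in output');
        }
        // Decoding with the same flags must give back the original text.
        if (html_entity_decode($encoded, ENCODE_FLAGS, 'UTF-8') !== $raw) {
            throw new RuntimeException('encoding is not reversible');
        }
    }

    printf(
        "raw:              %s\nhtmlentities:     %s\nhtmlspecialchars: %s\n\n",
        $raw, $all, $markup
    );
}
```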