
I am saving HTML to a MySQL database. The HTML is posted back from the front-end. I get an issue where certain characters are 'unescaped' by the front-end (rightly so) but I need to 'escape' them again prior to saving the HTML to the database.

As an example, the browser gets sent the following:

<p style-id=".btn-widget &gt; a">foo</p>

The browser then sends back something like:

<p style-id=".btn-widget > a">clients custom text</p>

Note the &gt; is now a >. I need to escape this before saving this HTML to the MySQL database.

Is there a PHP function that can do this for me?

sazr
  • https://www.php.net/manual/en/function.htmlspecialchars.php – ADyson Jan 02 '20 at 11:09
  • 1
    you can use `htmlspecialchars()` – Devsi Odedra Jan 02 '20 at 11:10
  • Use htmlspecialchars() to remove. If there is already inserted data strip_tags() to get clean output – Gorkhali Khadka Jan 02 '20 at 11:13
  • what you get after using strip_tags() function. It should remove P tag completely. – Suresh Kamrushi Jan 02 '20 at 11:14
  • 1
    I think you might hit a couple of problems here - firstly you're going to need to be able to parse the value of the `style-id` attribute separately from the rest of the HTML; using something like `htmlspecialchars()` will convert all the HTML tags you want to keep as well, e.g. `<p style-id=".btn-widget > a">foo</p>`. To get the `style-id` attribute values you'll probably want to use a DOM parser, but AFAIK `style-id` isn't a valid HTML attribute to start with so you'll need to use a generic XML parser... I just have a feeling you're going about this the wrong way. – CD001 Jan 02 '20 at 11:26

0 Answers
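
The approach CD001's comment points at (parse the fragment, then escape attribute values and text separately from the tags), as an added example that is not part of the original thread. The names `VOID_TAGS`, `serializeNode` and `reescapeFragment` and the wrapper `div` are hypothetical; it assumes a UTF-8 fragment with no `script` or `style` elements.

```php
<?php
// Added example, not code from the thread; all names here are hypothetical.
const VOID_TAGS = ['area', 'base', 'br', 'col', 'embed', 'hr', 'img',
                   'input', 'link', 'meta', 'source', 'track', 'wbr'];

// Serialize one DOM node, escaping text and attribute values but not the tags.
function serializeNode(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_NOQUOTES | ENT_HTML5, 'UTF-8');
    }
    if (!$node instanceof DOMElement) {
        return ''; // comments and other node types are dropped
    }
    $out = '<' . $node->nodeName;
    foreach ($node->attributes as $attr) {
        // $attr->value is the decoded value, so ">" and "&gt;" both come out as "&gt;"
        $out .= ' ' . $attr->nodeName . '="'
              . htmlspecialchars($attr->value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '"';
    }
    $out .= '>';
    if (in_array($node->nodeName, VOID_TAGS, true)) {
        return $out; // void elements have no children and no end tag
    }
    foreach ($node->childNodes as $child) {
        $out .= serializeNode($child);
    }
    return $out . '</' . $node->nodeName . '>';
}

function reescapeFragment(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate unknown tags and attributes
    // The XML declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $out = '';
    foreach ($doc->getElementsByTagName('div')->item(0)->childNodes as $child) {
        $out .= serializeNode($child);
    }
    return $out;
}

// Constructed input: the fragment the browser posts back in the question.
$posted = '<p style-id=".btn-widget > a">clients custom text</p>';
echo htmlspecialchars($posted), "\n"; // whole-string escaping also escapes the <p> tags
echo reescapeFragment($posted), "\n"; // tags kept, attribute value re-escaped
```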