CodeIgniter Forums
Manage html formatted text - Printable Version

+--- Thread: Manage html formatted text (/showthread.php?tid=76176)

Manage html formatted text - Marcolino92 - 04-19-2020

Hi, I was wondering what was the best way to handle formatted text?

Let's say the case of a simple text without the use of "editor", so that it includes every newline and maybe some tags, like <strong> <i> and similar.

What is the best way to save input into the database?
And how to print it on the page?

RE: Manage html formatted text - jreklund - 04-19-2020

If you accept plain HTML tags, you are subject to XSS attacks; you need to use a filter to remove those attacks.
For example:

Just save it in a TEXT, MEDIUMTEXT etc depending on size.

And just use "echo $text;" for printing.

RE: Manage html formatted text - Marcolino92 - 04-19-2020

Let's say that I exclude simple tags, therefore simple text but which still includes the line wraps.

I send everything from a textarea and save it in the database as a simple input without filters?

Once I print it with "echo $text;" will I see the text all continuous, without a line, or am I wrong?

RE: Manage html formatted text - jreklund - 04-19-2020

You need to exclude ALL tags if you don't want to use a filter.

You should always save everything as is (after filtering/validation). Escaping is done on output.

You need nl2br($text) if you want \n converted to <br>, depending on what kind of editor you have and whether they are \n or <br> already.

You need to use nl2br(esc($text)); or you are subject to XSS, in case you don't use a filter. But as a precaution, always use esc(), if you don't want user styling.
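
The output step discussed in this thread, as an added example that is not part of the original posts: the text is stored as submitted and escaped only when printed, first as plain text with line breaks, then with a small allow-list for tags like <strong> and <i>. The helper names, the fallback esc() and the sample input are assumptions made for illustration.

```php
<?php
// Added example. Stand-in for CodeIgniter 4's esc() so this file also runs
// outside the framework (assumption: HTML context only).
if (! function_exists('esc')) {
    function esc(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical helper: plain text, line breaks preserved, no user styling.
function render_plain(string $stored): string
{
    // Escape first, then insert <br>. The reverse order would escape the
    // <br> tags that nl2br() just added.
    return nl2br(esc($stored));
}

// Hypothetical helper: same, but a fixed set of attribute-less tags survives.
function render_with_basic_tags(string $stored, array $allowed = ['strong', 'i']): string
{
    $html  = esc($stored); // everything is inert text at this point
    $names = implode('|', array_map('preg_quote', $allowed));

    // Only the exact escaped forms "&lt;tag&gt;" and "&lt;/tag&gt;" become
    // markup again. A tag carrying attributes does not match and stays escaped.
    // Unbalanced tags are not repaired here; that affects layout, not script execution.
    $html = preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $html);

    return nl2br($html);
}

// Constructed sample input, as it would come back from a TEXT column.
$stored = "Hello <strong>world</strong>\n"
        . "<i onmouseover=\"alert(1)\">hover</i>\n"
        . "<script>alert(1)</script>";

echo render_plain($stored), "\n\n";
echo render_with_basic_tags($stored), "\n";
```

In the second output only `<strong>`, `</strong>` and the closing `</i>` are live markup; the `<i ...>` with an event handler and the `<script>` element are printed as visible text.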