Manage html formatted text

#1
Hi, I was wondering what was the best way to handle formatted text?

Let's say the case of a simple text without the use of "editor", so that it includes every newline and maybe some tags, like <strong> <i> and similar.

What is the best way to save input into the database?
And how to print it on the page?
Reply

#2
If you accept plain HTML tags, you are subject to XSS attacks; you need to use a filter to remove those attacks.
For example: http://htmlpurifier.org/

Just save it in a TEXT, MEDIUMTEXT etc depending on size.

And just use "echo $text;" for printing.
Reply

#3
Let's say that I exclude simple tags, therefore simple text but which still includes the line wraps.

I send everything from a textarea and save it in the database as a simple input without filters?

Once I print it with "echo $text;" will I see the text all continuous, without a line, or am I wrong?
Reply

#4
You need to exclude ALL tags if you don't want to use a filter.

You should always save everything as is (after filtering/validation). Escaping is done on output.

You need nl2br($text) if you want \n converted to <br>. Depending on what kind of editor you have. If they are \n or <br> already.
_______________

You need to use nl2br(esc($text)); or you are subject to XSS. In case you don't use a filter. But as a precaution, always use esc(). If you don't want user styling.
Reply
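
The output side of the advice in this thread, as an added example that is not part of the original posts: the text is stored raw and only escaped when printed, first as plain text with line breaks kept, then with a small tag allowlist. `esc_html()` is a stand-in for the `esc()` helper named above, built on PHP's `htmlspecialchars()`; `render_plain()`, `render_limited()` and the sample string are hypothetical names and constructed input.

```php
<?php
declare(strict_types=1);

// Stand-in for esc(): escape for an HTML body context (assumes UTF-8 pages).
function esc_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Plain-text case: escape FIRST, then add <br>, so the only live markup
// in the result is the <br> tags that nl2br() itself inserted.
function render_plain(string $stored): string
{
    return nl2br(esc_html($stored), false);
}

// Limited-styling case (hypothetical helper): escape everything, then
// restore only bare, attribute-free tags from an allowlist. A tag carrying
// any attribute never matches the pattern and stays escaped.
// This does not balance tags; a full filter is needed for that.
function render_limited(string $stored, array $allowed = ['strong', 'i', 'em', 'b']): string
{
    $html  = esc_html($stored);
    $names = implode('|', array_map('preg_quote', $allowed));
    $html  = preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $html) ?? $html;
    return nl2br($html, false);
}

// Constructed sample: what a textarea might submit, stored in the DB as-is.
$stored = "Hello <strong>world</strong>\n"
        . "<script>alert(1)</script>\n"
        . "<i onclick=\"x()\">hi</i>";

// Wrong order for comparison: nl2br() first, escaping second. The <br>
// tags get escaped too and show up as literal text on the page.
$wrongOrder = esc_html(nl2br($stored, false));

echo "plain:\n",   render_plain($stored),   "\n\n";
echo "limited:\n", render_limited($stored), "\n\n";
echo "wrong order:\n", $wrongOrder, "\n";
```

In the `limited` output the `<strong>` pair becomes real markup, while the `<script>` element and the `<i>` tag with an `onclick` attribute are printed as visible text.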

