
I have a field in the form that contains HTML, so I use htmlspecialchars before displaying it to the user, so it actually shows up like HTML (with tags), so something like this:

    //in my php script, right after I get the values from the database
    $someVar = htmlspecialchars($someVar);

    //inside html (I use Smarty template)
    <input id="someVar" name="someVar" type="text" size="50" value="{$someVar}"></input>

Now the problem happens when the user submits the form, somehow tags are lost on the page submit and I simply get the text (interpreted HTML) written to the database.

How do I successfully allow the user to edit fields that contain HTML tags?

  • Confirm that this is the case. I doubt it is. You are probably looking at some debugging output in your browser, and the browser is interpreting the HTML. Either that, or you have some filter on your server trying to prevent XSS or something. If this is the case, then show us the relevant PHP code, and the dump of $_POST or something. Commented Dec 3, 2012 at 4:26
  • I think stackoverflow.com/questions/12613762/… and stackoverflow.com/questions/46483/… will help you. Commented Dec 3, 2012 at 4:27
  • No Brad, I am not looking at debugging output. I am looking at the form input field that now contains bold text instead of bold tags. When I spit POST out before I save it to the database, the tags appear stripped already. So it happens between form submit and spitting out POST - i.e., in a place that I have no control of. Commented Dec 3, 2012 at 4:55
  • Perhaps I will re-phrase the question. How do I allow the user to edit input fields that contain html tags and make sure that they are saved in the database as text containing html tags? Commented Dec 3, 2012 at 4:56
  • @NullPointer, it's not a safety issue that I am wondering about here, it's the functionality. Commented Dec 3, 2012 at 4:57
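
The round trip the question describes, as an added example that is not part of the original thread: the value is escaped for the attribute, decoded on submit, and the received string is compared with the stored one. `browser_submitted_value`, `classify_round_trip` and the sample value are constructed for illustration, and `strip_tags` stands in for the kind of server-side filter the first comment mentions.

```php
<?php
declare(strict_types=1);

// Constructed sample: a stored field whose content is HTML markup.
$stored = '<b>bold</b> & "quoted" text';

// Output side: escape once, for an HTML attribute context (quotes included).
function escape_for_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stand-in for the browser (assumption for this demo): it decodes character
// references in value="...", and the decoded string is what gets submitted.
function browser_submitted_value(string $attributeValue): string
{
    return html_entity_decode($attributeValue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Compare what the server received with what was stored before rendering.
function classify_round_trip(string $stored, string $received): string
{
    if ($received === $stored) {
        return 'intact: store as received, escape again on output';
    }
    if ($received === strip_tags($stored)) {
        return 'tags stripped: look for a filter between request and handler';
    }
    if ($received === escape_for_attribute($stored)) {
        return 'still escaped: value was escaped twice before rendering';
    }
    return 'changed in another way: dump the raw request body';
}

$submitted = browser_submitted_value(escape_for_attribute($stored));

// Three constructed cases: a clean round trip, a hypothetical tag-stripping
// input filter, and a template that escaped an already-escaped value.
$cases = [
    'clean round trip' => $submitted,
    'filtered input'   => strip_tags($submitted),
    'double escaping'  => browser_submitted_value(
        escape_for_attribute(escape_for_attribute($stored))
    ),
];

foreach ($cases as $label => $received) {
    printf("%-17s %s\n", $label, classify_round_trip($stored, $received));
}
```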
