0

I have some text that I get from the database like this:

$solution = $row['solution'];

Then I have some HTML I create in PHP using that variable like this:

echo '<a class="delete_suggested_solution" data-problem_id="'.$problem_id.'" data-suggested_solution_id="'.$suggested_solution_id.'" href="#">Delete</a> | <a href="#" class="edit_suggested_solution" data-problem_id="'.$problem_id.'" data-suggested_solution_id="'.$suggested_solution_id.'" data-solution_text="'.$solution.'" data-solution_title="'.$solution_name.'">Edit</a>';

That actually works fine in most cases, but when the $solution has a link in it like this <a href="http://SomeUrlWhatever.com">something</a> then this HTML breaks the HTML on the page when it is displayed.

Is there something that can be done so that the HTML on the page does not become broken for me?

Thanks!!

Improve this question

1 Answer 1

Reset to default
5

Assuming the part you want here is something and not the link, just use strip_tags() and htmlentities() to retrieve only the tag's inner text content, and encode quotes to be used inside HTML attributes.

$solution = htmlentities(strip_tags($row['solution']), ENT_QUOTES);
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

thanks - trying it now. What about when actually displaying the text? Should I use the functions you suggest? Or should I not "massage" any of that text?
@GeekedOut If you're just displaying it and it originated as user input, use htmlspecialchars() to encode it against cross site scripting attacks.
what are cross-site scripting attacks? I mean - what do they do to my forms?
@GeekedOut see en.wikipedia.org/wiki/Cross-site_scripting They make it possible for malicious users to run javascript against other users on your site, potentially modifying your site's content or launching drive by downloads.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.