Html database insertions – help with encoding properly

htiek

Hello I’m inserting lots of html into a database that’s coming from a form, previously I’ve only ever used addslashes() and stripslashes() for normal form values and have had no problems but this is the first time I’ve inserted html.

Whats the best method to encode HTML for the database and Decode it at when your getting it out.

I’ve read about htmlspecialschars() and html_entity_decode()

$newsCopy = htmlspecialschars(addslashes(trim($_POST['newsCopy'])))

$newsCopy = html_entity_decode(stripslashes($row[$i]))

but the server where my files are does not have the most upto date version of PHP (I think it need 4.3.0, its got 4.2.2).
I don’t even know if what I wrote above will work cause I couldn’t test it.

Can you suggest another way?

Thanks for any help

laserlight

Just leave it alone.

If you dont wish to have the HTML code take effect when you retrieve it, use htmlspecialchars() before output.

htiek

That’s the problem I need to use the HTMl later. I get an error when I’m assigning the HTML database output to a variable. There must be something in the HTML/database output string that causes the variable declaration to throw an error.