hello !
right, I've tried figuring this out myself, checking tutorials etc but cant quite get this.
Im setting up my bands website so that any of us can update the news page from wherever we are, I have set up the control panel, which successfully passes the data to a mysql database, and I can successfully get it back out and display the data on our news page
however, I'd like to be able to pass quote marks, simple tags like line breaks, bold, itallic
I've tried using htmlspecialchars() and strip tags but then the news page just displays the actual tags rather than implementing them
this is the code for retrieving
mysql_connect($db_host,$db_user,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
$query = "SELECT * FROM news order by id DESC LIMIT 25";
$result = mysql_query($query);
while($r=mysql_fetch_array($result))
{
echo"<span class='date'>$r[id].// $r[time]</span><br>
<span class='content'>$r[news]</span><br><br>
</td></tr>
<tr><td align='left' valign='top' bgcolor='E5E5E5'>
</td></tr>
<tr><td align='left' valign='top'>"
;
}
mysql_close();
this is the code for passing
if($_POST['submitnews']) {
$news = strip_tags($_POST['news'],"<b>,<i>,<p>,<br>,<a>");
$news = htmlspecialchars($_POST['news'],"<b>,<i>,<p>,<br>,<a>",ENT_QUOTES);
$time = date("D dS M Y");
mysql_connect($db_host,$db_user,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
$query = "INSERT INTO news (news, time) VALUES ('$news', '$time')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "<span class='headline'>Your news item has been posted</span><br>";
echo "<A HREF=\"http://66.98.138.15/~wakeupcall/controlpanel/\">Back to Admin Area</A>";
can anyone advise ??
