I am setting up a form through which members of a site can submit their articles to me.
The member fills in a form where the textarea tag contains the article. When they click submit, they can view their article (much like a submission on a forum). Then they click the confirm button and the article is written to a file sitting on my server.
$pagename = "blah.php";
$artinc = "<h2>".$ftitle."</h2><p>".nl2br($farticle)."</p>";
$flname = $pagename;
$fp = fopen($flname , "w");
fwrite($fp , $artinc);
fclose ($fp);
The problem is that if the user submits an article with links or with quotes around phrases they might use, the quotes cause problems.
I need to disable all HTML/PHP code EXCEPT links to other sites, and I need to keep quote marks around phrases that need quotes.
I've looked at htmlspecialchars but I don't want to convert the links. I tried preg_replace but I couldn't make it differentiate between quotes within links and quotes in the text (which can be converted to &quot;).
Suggestions?
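
One way to meet the requirement above, as an added example that is not part of the original post: escape the whole submission with htmlspecialchars first, then turn back into real links only those anchors that match a strict http(s) pattern. The helper name sanitize_article() and the sample input are assumptions made for illustration.

```php
<?php
// Added example; sanitize_article() is a hypothetical helper name.

function sanitize_article(string $raw): string
{
    // 1. Escape everything: tags, PHP open tags, ampersands and both quote styles.
    //    Escaped quotes (&quot;) still display as quote marks in the browser.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-enable only anchors of the exact shape <a href="http(s)://url">text</a>.
    //    Matching on the escaped text means the URL cannot hold a raw quote or
    //    angle bracket; other schemes and extra attributes do not match and
    //    therefore stay escaped (shown as text, never rendered).
    $link = '~&lt;a\s+href=&quot;(https?://[^\s&]+(?:&amp;[^\s&]+)*)&quot;\s*&gt;'
          . '(.*?)&lt;/a&gt;~is';

    // preg_replace returns null on failure; fall back to the fully escaped text.
    $safe = preg_replace($link, '<a href="$1" rel="nofollow noopener">$2</a>', $safe) ?? $safe;

    return nl2br($safe);
}

// Constructed sample input standing in for the submitted form fields.
$ftitle   = 'Quotes & "links"';
$farticle = <<<'TXT'
He said "read this" at <a href="http://example.com/?a=1&b=2">my site</a>.
<a href="http://example.com/" onclick="alert(1)">extra attribute</a>
<a href="javascript:alert(1)">other scheme</a> <?php echo 'x'; ?>
TXT;

$artinc = '<h2>' . htmlspecialchars($ftitle, ENT_QUOTES, 'UTF-8') . '</h2>'
        . '<p>' . sanitize_article($farticle) . '</p>';

// Same target file as in the question; every "<" from the user is escaped,
// so no PHP open tag from the submission reaches the file.
file_put_contents('blah.php', $artinc, LOCK_EX);
echo $artinc, "\n";
```

Only the first sample link is written out as a working anchor; the other two and the PHP tag appear in the page as visible text.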