uploading rich text

garfx

i was just wonder what was best practice whilst inserting or update rich text (text with commas, punctuation html tags etc) i'm currently using the following

$Description = htmlspecialchars(html_entity_decode(addslashes($_POST[richtext])));

is there a better way to deal with this - also many of my cms have multiple input fields is there a way of applying formatting to them all?

thank you

Gareth

NogDog

The database couldn't care less about HTML tags, entities, and so forth. All you need to do is protect against SQL injection and parse errors by using the applicable escaping function or prepared statements for the database interface being used (e.g. [man]mysql_real_escape_string[/man] for the basic MySQL extension).

When you retrieve the data from the database and output it, then is the time to apply any output filtering for the target client, such as htmlspecialchars() or htmlentities() if outputting XML or HTML.