Disabling HTML tags in BLOB (MySQL)

Omri16

Hi all,

I have a system in which users can enter long texts that are stored in a MySQL database as BLOB. The problem is that they can enter HTML tags such as <B>, <img>, <a> etc., and they will actually work and be processed as HTML tags, which may cause significant problems. I want the tags, and the entire text, to be processed as pure text - the only "styling" that should be kept is line breaking.
Does anyone know how to do that?

Thanks a lot 🙂

johanafm

$html = $_POST['user_input'];

// either turn turn everything that you can into html entities (such as &lt;)
$html = htmlentities($html);	// do check the php doc. there's an option for converting ' or " or both

// or just deal with < and >
$html = str_replace(array('<', '>'), array('&lt;', '&gt;'), $html);

But if you don't translate certain other characters, your code will not validate. E.g. '&' needs to be translated into '&'