I am trying to display comments on a page and am having some trouble.

Question

0

Editorial Team

Asked: May 22, 20262026-05-22T02:21:16+00:00 2026-05-22T02:21:16+00:00

I am trying to display comments on a page and am having some trouble.

0

I am trying to display comments on a page and am having some trouble.

There are essentially two different types of comments I am trying to handle:

(1) The XSS type.. e.g. <script type="text/javascript">alert('hi')</script>. This is handled fairly easily by escaping it before it gets into the database and then running stripslashes and htmlentities on it.

(2) The comment with <br> breaks in it. When the data is stored into the database, I am running nl2br on it so the data looks like hi<br>hello<br><br>etc. However, when I display this comment, the <br>s do not turn into page breaks like I want them to.

Any idea what to do? I should note that turning off htmlentities fixes the second type, but the first type then is executed as pure html and displays an alert dialog.

Thanks,
Phil

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T02:21:17+00:00

Editorial Team

2026-05-22T02:21:17+00:00Added an answer on May 22, 2026 at 2:21 am

One method: Replace <br> with a placeholder, like \n. Then do htmlentities to clean up html code. Finally, replace \n back with <br> to recover the line breaks.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am trying to display comments on a page and am having some trouble.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply