I’m running a MySQL- and PHP-driven blog/comment-style site, and I want to make it so users can add formatting tags to their posts, such as <bold>, <italics>, etc., while still running something like htmlentities so the user can’t post something like <a> or <div id="footer"> and break the site.
So the problem is: how do I address this issue? Do I make it so htmlentities or a similar function has a whitelist of allowed tags? I haven’t been able to find any results or assistance on this issue. Currently, the order of layering I have going for the database entity is:
$content = nl2br($_POST["content"]);              // turn newlines into <br /> tags
$content = mysql_real_escape_string($content);    // escape for the SQL string literal
$content = trim($content);                        // drop leading/trailing whitespace
$content = htmlentities($content);                // encode <, >, &, quotes as entities
Thanks for any help. Again, I’m wondering whether htmlentities is even the function I want to use to accomplish this, so any suggestions or places to look would be greatly appreciated!
A whitelist is a MUST. Use the strip_tags() function with its second parameter.
Don’t save encoded HTML in the database.
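Added example, not code from the original question or answer: a whitelist sanitizer for comment bodies. The one thing to know about strip_tags() with an allow-list is that it keeps the allowed tags together with all of their attributes, so strip_tags($s, '<b>') lets <b onmouseover="alert(1)"> straight through. The function below keeps only an assumed allow-list of b, i, strong, em and br, drops every attribute, and escapes all text, by parsing with DOMDocument and re-emitting the tags itself. The allow-list, the function names and the wrapping <div> trick are this example's own choices.

```php
<?php
// Added example (not from the original post). Assumed allow-list: only these
// tags survive, and they are re-emitted without any attributes at all.
const ALLOWED_TAGS = ['b', 'i', 'strong', 'em', 'br'];

/**
 * Reduce untrusted $html to the allowed tags. Every attribute is dropped and
 * all text is escaped, so the result is safe to echo into an HTML page.
 */
function sanitizeComment(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // user markup is often malformed
    // The <?xml encoding> PI makes libxml treat the input as UTF-8; the <div>
    // wrapper stops libxml from inventing <p> around bare top-level text.
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Render from the document node: the wrapper <div> is not on the allow-list,
    // so it is dropped and only its (sanitized) contents come back out.
    return renderNode($doc);
}

function renderNode(DOMNode $node): string
{
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            // nodeValue is already entity-decoded, so this cannot double-encode.
            $out .= htmlspecialchars($child->nodeValue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        } elseif ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, ALLOWED_TAGS, true)) {
                // Re-emit the tag ourselves: no attributes survive, so an
                // onmouseover= or style= on an allowed tag is gone.
                $out .= ($tag === 'br')
                    ? '<br>'
                    : "<$tag>" . renderNode($child) . "</$tag>";
            } else {
                // Disallowed element (<a>, <div>, <script>, ...): drop the tag
                // but keep its escaped text content.
                $out .= renderNode($child);
            }
        }
        // Comments, processing instructions and other node types are dropped.
    }
    return $out;
}

// Constructed sample input exercising each case: an allowed tag carrying an
// event handler, a disallowed link, a bare ampersand, and the <div> from the
// question. strip_tags($input, '<b>') would keep the onmouseover attribute.
$input = 'Hello <b onmouseover="alert(1)">world</b> <a href="http://x">link</a>'
       . ' & <div id="footer">x</div>';
echo sanitizeComment($input), PHP_EOL;
```

Usage note: store the raw submitted text, written with a parameterized query (PDO or mysqli prepared statements; mysql_real_escape_string() belongs to the mysql_* extension, which is removed in PHP 7), and run sanitizeComment() on output. nl2br() can be applied to the sanitized string afterwards, since the escaped text still contains the original newlines.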