What is the best way to get the right filter for an HTML editor in PHP?

I am using the TinyMCE editor on my site. I want to learn how to properly filter input when I insert it into the database. What filters should be used? For example, I get this DB entry this way:

$example = $_POST['example'];

<textarea name="example"></textarea>

I do not use htmlspecialchars() because I need HTML tags.

"Sorry for my poor English."

+3
2 answers

HTMLPurifier

Download it here: http://htmlpurifier.org/

Turn it on:

require_once 'path/to/HTMLPurifier.auto.php'; // stop with a fatal error if the library is missing

Use it:

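// Directive names use the dotted form; the three-argument set() call is deprecated.
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8');
// The doctype directive lives in the HTML namespace.
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$purifier = new HTMLPurifier($config);
// Raw editor HTML from the form field in the question.
$dirty_html = $_POST['example'];
$clean_html = $purifier->purify($dirty_html);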

And sleep well, knowing that HTML fixed like this doesn't have XSS attacks.

, mysql_real_escape_string(), , ( ), , HTML- WYSIWYG, .

mysql_real_escape_string() SQL-, (google "PDO" ) .

+1
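An added example, not part of the original answer or of the HTMLPurifier project: it purifies editor HTML against an explicit allowlist and stores the result through a PDO prepared statement. The allowlist, the `posts` table, the function names and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions made for the illustration; the include path is the placeholder from the answer.

```php
<?php
require_once 'path/to/HTMLPurifier.auto.php'; // placeholder path, as in the answer

// Build a purifier that keeps only the markup a basic editor toolbar produces.
function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // Assumed allowlist: any tag or attribute not named here is removed.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href|title]');
    // Links may use only these schemes, so javascript: and data: URLs are dropped.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    return new HTMLPurifier($config);
}

// Purify first, then insert with a bound parameter (never string concatenation).
function save_post(PDO $db, HTMLPurifier $purifier, string $dirty_html): string
{
    $clean_html = $purifier->purify($dirty_html);
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $clean_html]);
    return $clean_html;
}

// Constructed sample input standing in for $_POST['example'].
$dirty_html = <<<'HTML'
<p onclick="alert(1)">Hello <strong>world</strong></p>
<script>alert(document.cookie)</script>
<a href="javascript:alert(1)">bad link</a>
<a href="https://example.com/">good link</a>
<img src="x" onerror="alert(1)">
HTML;

// Assumed storage: in-memory SQLite so the example needs no database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$stored = save_post($db, build_purifier(), $dirty_html);
echo $stored, "\n"; // the markup that survived the allowlist

// Fail loudly if any active content made it through purification.
foreach (['<script', 'onclick', 'onerror', 'javascript:'] as $needle) {
    if (stripos($stored, $needle) !== false) {
        throw new RuntimeException("unexpected active content: $needle");
    }
}
```

Purification handles what the browser will render and the bound parameter handles what the SQL parser sees; neither step replaces the other.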

, html - ?

db:

urlencode($_POST['example']);

, urldecode ($ data);

0

Source: https://habr.com/ru/post/1753505/

