From: "Thaddeus J. Quintin" <[EMAIL PROTECTED]> > I'm working on a site where users have the option to type HTML code into > a textarea, or upload HTML code from a local file which is then > displayed in the text area. > > The obvious problem is that an uploaded file that contains a closing tag > for a textarea can wreak havoc and eat up the rest of the page. So, in > order to get it to display properly, I called htmlspecialchars() on the > string and that works fine. > > After any editing has been done, I can convert the text back using > html_entity_decode(). This seems to be a decent solution to the problem. > > However, if the user has included htmlentities in their code, won't > these get converted when I call the decode function? Even something > simple like using a '<' symbol for a little arrow. This would need to > remain a '<' and not get converted when html_entity_decode() is called.
You should not have to call html_entity_decode() at all. You encode the text to get it to show in the text area. When the form is submitted, you get the text exactly as it appears in the textarea. in other words, without the html entities. Try this: <textarea name="text">This is <some> text</textarea> If you submit that "text" and then print $_REQUEST['text'], you'll see that you have This is <some> text ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
