How To Implement An Wysiwyg Editor And Safely Store Data In Db
Posted 27 March 2012 - 10:59 PM
Posted 28 March 2012 - 7:09 AM
Posted 29 March 2012 - 4:43 AM
$r = htmlspecialchars($c);
Is this too much or it should work?
If it is not safe enough I am thinking of replacing each of these tags with a placeholder (like @@<h1>@@ for '<h1>' and so on...) than strip everything before store the string to database. Than when I want to display it I replace the placeholders with their respective tags.
I wouldn't like to do this if not necessary. What do you think?
Posted 30 March 2012 - 3:58 PM
Posted 2 April 2012 - 8:53 AM