I have a problem I need some serious help/advice on.
Here's the scenario. I have a form with several text areas. One of these text areas allows users to enter HTML, and the rest do not. The one that does not allow HTML is easy, I simply do something like:
$value = htmlentities($value, ENT_QUOTES);
and like magic, there is nothing to worry about.
However, on the text area that allows HTML I cannot use this method, but yet I want to replace special characters in the input. Most notably I want to replace any of the following characters that are not part of an HTML element tag:
< > " '
Now I need a way to search through the input, find these characters, make sure they are not part of a legal HTML element tag, and if not then replace them with their respective HTML entity:
< > $quot; '
I'm not looking for someone to write this for me, it seems too complicated to be a single question. What I need is a plan of action, and this one is stumping me on where I should actually begin and then how to proceed.
One of my ideas (actually, my only idea) is to search through the input and remove anything that looks like it could be a valid HTML tag, and when I remove it insert a marker in its place like "[PLACE_HOLDER_001]". Store all of the items that I've removed in an array that can then be reinserted into their proper place. This give me an array of tags that I can check to ensure they are valid and a string without any tags in it. Then I can replace the special characters mentioned above without worrying about damaging the HTML element tags. And finally when this is done, loop through the array an insert each element back into the string.
Can anyone give me something else? Or even expand on my idea? Or tell me that this is a stupid way to do something that is actually really quite simple? Am I missing something? Some function in PHP that will do this without all of the work?
Start Free Trial
