Preserve and display text exactly how it is typed and submitted

栀梦 2020-12-04 04:15

I'm having lots of trouble preserving the exact look of how a user types out a short paragraph.

My problem is that random slashes and HTML show up.

2 answers
  • 2020-12-04 04:28
    1. Make sure Magic Quotes are off or, if you can't disable them, cleanse your strings from them. Read the manual for details: http://www.php.net/manual/en/security.magicquotes.php
    2. When inserting your text into the database, escape it properly for SQL syntax once or, better, use prepared statements. See How can I prevent SQL injection in PHP? and The Great Escapism (Or: What You Need To Know To Work With Text Within Text).
    3. When outputting to HTML, use htmlspecialchars to avoid HTML injection or plain syntax problems and afterwards use nl2br to format line breaks specifically for HTML.

    That's basically it.

  • 2020-12-04 04:50

    In the second step, you need to escape it with a MySQL function.

    But to output it correctly, you need to do the following:

    <pre><?= htmlentities($mysqlRow['data']); ?></pre>
    

    This will get the needed information from the database result and output it as it is, with all spaces, tabs and HTML tags in it. (If the user enters <html>, this will output <html> as text.)

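The steps from the first answer (store the raw text through a prepared statement, encode only when writing HTML), as an added PHP example that is not code from either answer. It assumes PHP 7 or later with the pdo_sqlite extension; the `posts` table, the function names and the sample input are constructed for illustration, and `addslashes()` stands in for what Magic Quotes did to incoming strings.

```php
<?php
// Added example; table name, function names and sample text are hypothetical.
// Constructed user input: an apostrophe, markup, a tab and line breaks.
$input = "I'm typing <b>bold</b>\n\tindented line\nlast line";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the raw text through a bound parameter: no addslashes(), no HTML encoding.
function store(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

function load(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode at output time only, for the HTML context, then mark up line breaks.
function render(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Correct path: compare what comes back from the database with what was typed.
$good = load($db, store($db, $input));
echo "round trip identical: ";
var_dump($good === $input);

// Double escaping: the text is slash-escaped and then also bound as a
// parameter, so the backslashes are stored as part of the data.
$bad = load($db, store($db, addslashes($input)));
echo "double-escaped value as stored:\n", $bad, "\n\n";

// HTML-safe output of the correctly stored text.
echo render($good), "\n";
```

`nl2br` keeps line breaks but a browser still collapses tabs and runs of spaces; to show those as typed, put the `htmlspecialchars` output inside `<pre>` as the second answer does, without `nl2br`.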