On my site there are many fields with which you can write text to the database. So, so that users do not htmlspecialchars down any script used by htmlspecialchars . But htmlspecialchars also displays as text. And it is necessary that <br> and other types of discontinuity (for example, \n ) work, and not be output as text.
How can this be implemented?
After using htmlspecialchars() you can replace the <br> return to <br> , or make another replacement:
strtr($txt, array('&' => '&', '<' => '<', '>' => '>', "\n" => '<br>') ); 
To convert line feeds to
you can use the function nl2br()
echo nl2br(htmlspecialchars($text)); If your task is to save the <br /> tags, you can replace them before calling htmlspecialchars() with some unique sequence, for example [br] , and after calling htmlspecialchars() , perform the inverse transformation in <br /> .
In addition, if you want to completely exclude tags from the text, you can use the strip_tags() function, which allows you to specify a list of tags to be left in the text as a second parameter.
strip_tags($text, '<br><br/>'); 
Source: https://ru.stackoverflow.com/questions/513679/
All Articles