How can I, in PHP, prevent code from being executed on the page if a record is taken from the database and it contains some code (HTML, PHP, JS ...)? Please do not suggest htmlspecialchars() and similar functions.

P.S. Like on this site: any code written in a question is not executed at all.

Thanks.

    3 answers

    The simplest: do all output through <pre></pre>

    UPD:

    IMHO: Usually, they do something like this (errors are possible):

     // $res holds the text read from the database
     $rules = array(
         '[br]' => '<br>',
         '[b]'  => '<b>',
         '[/b]' => '</b>'
     );
     $tag_in  = array();
     $tag_out = array();
     foreach ($rules as $code => $tag) {
         $tag_in[]  = $code;
         $tag_out[] = $tag;
     }
     // Escape everything first, then restore only the listed BB-codes
     $res = htmlspecialchars($res);
     $res = str_replace($tag_in, $tag_out, $res);
    • 2
      What did htmlspecialchars do to displease you, @Chosen? - Zowie
    • 2
      @AlexWindHope, this is not crap code! If, at the elementary level, he wraps a div in <center>...</center>, then I am afraid to see what the PHP itself looks like even in my worst nightmare!) - Palmervan
    • 1
      @timka_s, your code contains what the author does not like :) htmlspecialchars -> :D - Dmitry Alekseevich
    • 1
      The author is being inadequate. I would understand if the author did not like it because it does not work, is not always applicable, etc. But here the reason is different: it is much easier to think that this is a HS function than to try to figure out his own (sort of) code - Zowie
    • 1
      @AlexWindHope, soon all functions will be UG to him, and he will look for a replacement for echo ... And, well, there may still be an outcome, because PHP, I will go program in BF :) - Dmitry Alekseevich

    Garbled characters with htmlspecialchars? Oh, he 100% saw "????????" instead of the characters and thinks the problem is in htmlspecialchars

    • 2
      I hinted about the second question "subtly" =\ - Zowie
    • 1
      I'm shocked, comments need not just +1 but also a minus, like the answers!!! - Artem
    • 1
      Humor is not appreciated. The encoding works fully correctly. But if there is nothing to say about the implementation of the method, please dry up the topic and do not consider yourself a "skilled programmer, a prankster." It is a pity that you have nothing to say about this. Or maybe the control will be much more interesting than implementing methods for solving the problem. My sincere condolences. - Elected
    • 1
      I can say one thing. Why does it work for everyone, but not for you? Don't you think that the problem is in your code? Nobody is going to reinvent the wheel now: htmlspecialchars, and that's it - Dmitry Alekseevich

    Is it difficult to open the source code and see how it's done here? By the way, here any code that is written in a comment or question is handled along the lines of the htmlspecialchars() function and is wrapped in a pre tag.

    • It is difficult for the person to read, properly and thoughtfully, in Russian, with examples, the docs about one unfortunate function, and you suggest opening the source here ... Of course it is difficult :D - Zowie
    • Then I do not know what to do. %( - Oleg
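
The escape-first, whitelist-second approach from the first answer, as an added example that is not part of the original thread. `render_record()` and the sample record are hypothetical, and the output is assumed to go into an HTML body context as UTF-8.

```php
<?php
// Added example (not from the thread). render_record() and the sample
// record below are hypothetical names and constructed data.

/**
 * Escape a stored record for an HTML body context, then re-enable
 * a small whitelist of BB-codes.
 */
function render_record(string $raw): string
{
    // 1. Neutralise everything: < > & " ' become entities, so stored
    //    HTML/JS/PHP text is displayed, never interpreted.
    //    ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of
    //    making htmlspecialchars() return an empty string.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only balanced [b]...[/b] pairs; a stray [b] stays text.
    $safe = preg_replace('~\[b\](.*?)\[/b\]~su', '<b>$1</b>', $safe);

    // 3. Fixed replacement with no user-controlled part.
    return str_replace('[br]', '<br>', $safe);
}

// Constructed record, as it might come back from the database.
$record = "[b]Hi[/b][br]<script>alert(1)</script> <?php echo 1; ?> [b]open";

$html = render_record($record);
echo $html, PHP_EOL;

// Nothing from the record survives as markup except the whitelist.
assert(strpos($html, '<script') === false);
assert(strpos($html, '<?php') === false);
assert(strpos($html, '<b>Hi</b><br>') === 0);
assert(substr($html, -7) === '[b]open');

// <pre> on its own changes layout only; the tag inside is still live.
$pre_only = '<pre>' . $record . '</pre>';
assert(strpos($pre_only, '<script>') !== false);
```

The last assertion shows why wrapping in `<pre>` has to be combined with escaping: the browser still parses tags inside `<pre>`.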