Reputation: 6570
I am trying to form HTML in my PHP code, something like this:
$output .= '<div>'.$text.'</div>;
echo $output;
however, I found $text might have some html characters, such as >
, <
, '
, "
, etc... and this will make the final html corrupted.
I was thinking to remove > < ' "
from $text, but maybe there are more characters I should remove? And what's the best way to do it?
Upvotes: 0
Views: 3706
Reputation: 5093
The PHP function htmlspecialchars is your friend.
I've put an example from php.net below to show how it works:
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
N.B. When reading php.net pages, take time to scan through the comments of any functions/ classes you might be thinking of using as they often contain real world examples of issues you may encounter.
However, I'm not entirely certain you should have asked this question, because a quick Google would have returned the results you're looking for. If you see StackOverflow or PHP.net results which seem on topic, then they're well worth a browse before posting a question which may have been asked before.
Upvotes: 7