Reputation: 23
I have a PHP form which collects CSS and HTML code from the user. Then the form loads a PHP page which includes the CSS and the HTML.
My problem is that the HTML is displaying as plain text instead of HTML.
In the handle PHP file, I use file_put_contents($newshtml, $html);
In the final PHP file, I use include "html.html"; between the body tags.
Why is the HTML input not interpreted as HTML?
THE HANDLER PHP CODE
<?php
$newshtml="asset/html.html";
$newscss="asset/style.css";
$html=htmlentities($_POST['html']);
$css=htmlentities($_POST['css']);
$html=stripslashes(nl2br($html));
$css=stripslashes(nl2br($css));
// is_file() accepts a single path, so each file is checked separately
if(!is_file($newshtml) || !is_file($newscss))
{
$verifhtml=@fopen($newshtml, "w+");
$verifcss=@fopen($newscss, "w+");
}
$verifhtml=@fopen($newshtml, "r+");
$verifcss=@fopen($newscss, "r+");
file_put_contents($newshtml, $html);
file_put_contents($newscss, $css);
header('Location: layout.php');
?>
THE FINAL PHP CODE
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" type="text/css" href="style.css" media="screen">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="initial-scale=1.0">
<meta name="format-detection" content="telephone=no">
<title>Important: Responsive Email Templates</title>
</head>
<body style="font-size:12px;" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<?php include "html.html"; ?>
</body>
</html>
Upvotes: 2
Views: 324
Reputation: 780994
Don't call htmlentities() on the user's input. This translates all the HTML special characters into entities, so that they display literally instead of being interpreted. For instance, if the user enters:
<h3>header</h3>
it will be converted to:
&lt;h3&gt;header&lt;/h3&gt;
Upvotes: 8
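An added example, not code from the question or the answer: once htmlentities() is removed, asset/html.html holds raw user input, and `include` parses any PHP tag inside it, so the layout page should output the file as data instead. The function names, the temporary file and the sample submission are assumptions made for this demonstration.

```php
<?php
// Added example; helper names are hypothetical, not from the original posts.

/** Store the submitted markup unchanged (no htmlentities), as the answer suggests. */
function store_fragment(string $path, string $markup): void
{
    // LOCK_EX keeps concurrent submissions from interleaving their writes.
    if (file_put_contents($path, $markup, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}

/** Return the stored bytes for output; nothing in the file is parsed as PHP. */
function render_fragment(string $path): string
{
    $bytes = file_get_contents($path);
    if ($bytes === false) {
        throw new RuntimeException("cannot read $path");
    }
    return $bytes;
}

/** The question's approach (include), captured with output buffering for comparison. */
function render_with_include(string $path): string
{
    ob_start();
    include $path;   // the file is run through the PHP parser, whatever its extension
    return ob_get_clean();
}

// Constructed sample submission: ordinary markup plus a harmless PHP tag.
$sample = "<h3>header</h3>\n<?php echo 6 * 7; ?>\n";
$path = tempnam(sys_get_temp_dir(), 'frag');
store_fragment($path, $sample);

$asData = render_fragment($path);        // what layout.php should echo
$asCode = render_with_include($path);    // what include "html.html" produces
unlink($path);

// Is the data path byte-for-byte identical to the submission?
var_dump($asData === $sample);
// Did include evaluate the embedded tag instead of passing it through?
var_dump($asCode !== $sample && strpos($asCode, '42') !== false);
```

In layout.php this corresponds to replacing `include "html.html";` with `readfile("html.html");`. If anyone other than the submitter views the page, the stored markup also needs an allowlist-based HTML sanitizer (for example HTML Purifier) before it is written.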