I got this code from the internet. The author said it protects my website against malicious attacks. However, I want to allow users to post some links, like the one below.
$text = "My website is <a href='http://www.somewebsite.com'>somewebsite</a>.";
$saved = htmlspecialchars(html_entity_decode($text), ENT_QUOTES);
echo str_replace(array("\\r\\n", "\\n"), array("<br />", "<br />"), $saved);
How could I do that?
Thank you,
The author wrote his code this way for a reason: user-submitted data can be malicious and lead to viruses or XSS attacks, especially when the <script> tag is used. If you have to allow certain tags like <a> to be submitted, you may use HTML Purifier. Also read this Stack Overflow article for more information:
http://stackoverflow.com/questions/1397221/php-allow-users-to-make-posts-with-certain-tags
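An added example, not part of the original answer: one way to configure HTML Purifier so that only <a href> links with http or https URLs survive. The Composer autoload path, the function name render_user_post and the sample inputs are assumptions made for illustration.

```php
<?php
// Assumption: HTML Purifier was installed with Composer (package ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: clean a user-submitted post so that only plain
 * links remain, then turn newlines into <br /> for display.
 */
function render_user_post(string $text): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist instead of blocklist: only <a> with an href attribute is kept.
    // Every other element and attribute (script, onclick, style, ...) is removed.
    $config->set('HTML.Allowed', 'a[href]');

    // Permit only http and https link targets, so javascript: and data: URLs
    // are stripped from href.
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));

    // Disable the on-disk definition cache so the example does not need a
    // writable cache directory. Leave the cache enabled in production.
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);
    $clean = $purifier->purify($text);

    // The purified markup is already safe to output; nl2br only adds <br />
    // before real newline characters.
    return nl2br($clean);
}

// Constructed sample inputs: the link from the question plus markup that must not survive.
$samples = array(
    "My website is <a href='http://www.somewebsite.com'>somewebsite</a>.",
    "<script>alert(1)</script>Hello",
    "<a href=\"javascript:alert(1)\" onclick=\"x()\">click</a>",
    "line one\nline two",
);

foreach ($samples as $sample) {
    echo render_user_post($sample), "\n---\n";
}
```

Do not pass the purified output through htmlspecialchars() afterwards, because that would escape the allowed <a> tags again.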
Thanks for the suggestion. That’s exactly what I need.