Inputting HTML code in a MySQL field

I have a textarea where I allow my users to enter text into a MySQL table via PHP:

  $id = testInput($_POST['userID']); // User ID submitted with the form
  $title = testInput($_POST['Title']); // Title of the experience
  $experience = testInput($_POST['Experience']); // Textarea content
  $ip = getRealIpAddr();

  //echo '<pre>';print_r($_POST);echo '</pre>';
  //echo '<pre>';print_r($_FILES);echo '</pre>';

  $sql = "INSERT INTO experiences 
  (userID,title,experience,ip) 
  VALUES 
  (:id,:title,:experience,:ip)"; // SQL Statement

Then I prepare and execute the statement. When I display the field, is there a way to insert HTML code (only the <br> tag) so that it doesn’t appear as 1 super long block of text, but rather, when the user uses the Enter key to cause a new line in the textarea (before it’s INSERTed into the database), it shows up as a <br> tag that’s INSERTed then? I only want to have the <br> tag used, to prevent any SPAM though.

You can use the nl2br function for that.

Also, do you already strip all other tags somewhere? I don’t see it in your code.

Yes, I run the textarea through a function

function testInput($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

like

 $experience = testInput($_POST['Experience']); // Create and append a variable for about

but now should I use

$experience = nl2br($experience);

As an after, that should work OK. As an instead of, probably not such a good idea. My preference would be to call that with the return passed as the argument, as long as the nesting wasn’t too messy / confusing.

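The "after" versus "instead of" point in the last reply comes down to call order. The PHP below is an added example, not code from the thread's participants: it runs the thread's `testInput()` steps and `nl2br()` in both orders over a constructed sample string. `escapeThenBreak` and `breakThenEscape` are hypothetical names, and the explicit `htmlspecialchars` flags are an assumption on top of the thread's defaults.

```php
<?php
declare(strict_types=1);

// Same steps as the thread's testInput(), with flags and charset made explicit
// (assumption: UTF-8 pages; the thread's version relies on PHP's defaults).
function testInput(string $data): string
{
    $data = stripslashes(trim($data));
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// nl2br() called on the return value of testInput(): every tag the user
// typed is already inert text, so the only real markup left in the result
// is the <br /> that nl2br() adds in front of each line ending.
function escapeThenBreak(string $raw): string
{
    return nl2br(testInput($raw));
}

// Nested the other way round: nl2br() runs first, so the <br /> it inserts
// is escaped together with the user's own tags and is displayed as the
// literal text "<br />" instead of producing a line break.
function breakThenEscape(string $raw): string
{
    return testInput(nl2br($raw));
}

// Constructed sample: a Windows line ending from a textarea plus a spam link.
$sample = "Worked at a shop\r\nThen <a href=\"http://spam.example/\">click here</a>";

echo "escape, then nl2br:\n", escapeThenBreak($sample), "\n\n";
echo "nl2br, then escape:\n", breakThenEscape($sample), "\n";
```

Calling `nl2br()` when the field is displayed, rather than before the INSERT, produces the same markup and keeps `<br />` out of the stored text.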