Preserving HTML tags in input

I’ve written a simple form that allows user input and I’ve got the following code that does preserve carriage returns:

if (isset($_POST['submit']))
{
	$mysql = array(); // create array of mysql escaped values
	$mysql['text'] = mysql_real_escape_string( $_POST['text'] );

	// This will preserve spacing
	$query="INSERT INTO dl_blog(body) VALUES ('{$mysql['text']}')";
	mysql_query( $query ); // run the INSERT before reading the row back

	$query="SELECT * FROM dl_blog ORDER BY id DESC LIMIT 1";
	$result = mysql_query( $query );
	while( $row = mysql_fetch_array( $result, MYSQL_ASSOC ) )
	{
		$html = array(); // create an array of html formatted values.
		// htmlentities() turns < and > into entities, so tags are displayed as text
		$html['comment'] = nl2br( stripslashes( htmlentities( $row['body'], ENT_QUOTES, 'UTF-8' ) ) );
		echo "<br />{$html['comment']}<hr />";
	}
}

The above shows the input for testing purposes - but it doesn’t allow any HTML characters, as when they get echoed out I can see them, i.e. <h1>, but they don’t actually affect the output.

How can I make it so that the HTML actually “works” when it is output?


(I got some of the above code from searching around the web, I didn’t write it all myself)

Many thanks, that works, I suppose this is what you get for using code you don’t fully understand.


Eliminate htmlentities from your code, and see what happens.
You might need to eliminate stripslashes as well, it depends.
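
Added example, not part of the original thread: with htmlentities removed, every tag stored in dl_blog is rendered, script included. One way to let a chosen set of tags work while the rest stays escaped is to escape the whole body first and then restore only bare allowlisted tags. The function name render_limited_html, its tag list and the sample input are assumptions made for this illustration.

```php
<?php
// Added example; render_limited_html() and its default tag list are hypothetical.
function render_limited_html($body, array $allowed = array(
    'h1', 'h2', 'p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'blockquote'
)) {
    // 1. Escape everything first, so nothing read from the database is live markup.
    $escaped = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only bare tags from the allowlist: "<h1>" or "</h1>".
    //    A tag carrying attributes ("<b onmouseover=...>") does not match
    //    the pattern and therefore stays escaped.
    $names   = implode('|', array_map('preg_quote', $allowed));
    $pattern = '~&lt;(/?)(' . $names . ')&gt;~i';
    $html = preg_replace_callback($pattern, function ($m) {
        return '<' . $m[1] . strtolower($m[2]) . '>';
    }, $escaped);

    // 3. Keep the carriage returns, as the code in the question does.
    return nl2br($html);
}

// Constructed sample body, standing in for $row['body'] from dl_blog.
$body = "<h1>My post</h1>\nSome <b>bold</b> text.\n"
      . "<script>alert(1)</script>\n"
      . "<b onmouseover=\"alert(2)\">hover</b>";

// The heading and the plain <b> are rendered; the script element and the
// tag with an event-handler attribute are shown as text.
echo render_limited_html($body);
```

Because attributes are never restored, this approach cannot produce links or images; a page that needs those requires a full HTML sanitizer rather than a longer tag list.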