The website technology supporting Philadelphia Reflections is PHP, MySQL and DHTML. The web hosting service is Internet Planners. The development of this website has provided an opportunity to learn new technology, to try out different techniques for getting noticed by the search engines, and to experience the trials and tribulations of dealing with malicious hackers and spammers, who range from the annoying to the abusive. This collection of articles documents some of our experiences, and we hope that people surfing the web for solutions to problems we've encountered will benefit.
When creating scripts that allow a user to edit HTML, you have to ensure that the browser doesn't confuse the input with HTML to be rendered. I struggled with this long and hard, and throughout the utilities section of this website are various hacks that I created with brute force. They work, but they are mostly ugly and all were time-consuming.
Well, guess what? The PHP manual has a section on this subject, Chapter 56, "PHP and HTML", and the solution is really rather elegant. It's worth reading, but the essential bits are reproduced below:
Example 56-1. A hidden HTML form element

<?php
    echo "<input type='hidden' value='" . htmlspecialchars($data) . "' />\n";
?>

Example 56-2. Data to be edited by the user

<?php
    echo "<textarea name='mydata'>\n";
    echo htmlspecialchars($data)."\n";
    echo "</textarea>";
?>

Example 56-3. In a URL

<?php
    echo "<a href='" . htmlspecialchars("/nextpage.php?stage=23&data=" . urlencode($data)) . "'>\n";
?>
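The manual's examples call htmlspecialchars() with its default flags; before PHP 8.1 that default (ENT_COMPAT) did not encode single quotes, which matters because the examples delimit attribute values with single quotes. The following is an added example, not code from the PHP manual or from this site (the helper name esc() and the sample $data are assumptions); it pins the flags and charset explicitly and applies them to the same three contexts:

```php
<?php
// Hypothetical helper: explicit flags and charset, so escaping does not
// depend on the defaults of whichever PHP version is running.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: single quote, double quotes, markup, ampersand.
$data = "O'Brien said \"hi\" </textarea><b>& more</b>";

// 1. ENT_COMPAT leaves the single quote alone. Inside value='...' that quote
//    would end the attribute early; ENT_QUOTES encodes both quote styles.
$compat = htmlspecialchars($data, ENT_COMPAT, 'UTF-8');
$safe   = esc($data);
printf("ENT_COMPAT keeps a raw single quote: %s\n",
    var_export(strpos($compat, "'") !== false, true));
printf("ENT_QUOTES keeps a raw single quote: %s\n",
    var_export(strpos($safe, "'") !== false, true));

// 2. The three output contexts from the manual's examples, with explicit flags.
$hidden   = "<input type='hidden' name='mydata' value='" . esc($data) . "' />";
$textarea = "<textarea name='mydata'>\n" . esc($data) . "</textarea>";
// URL: urlencode() the parameter value first, then HTML-escape the whole URL
// for the attribute, so the & separator becomes &amp; in the markup.
$link     = "<a href='"
          . esc("/nextpage.php?stage=23&data=" . urlencode($data))
          . "'>next</a>";

echo $hidden, "\n", $textarea, "\n", $link, "\n";

// 3. Escaping is for output only: the browser decodes the entities, so the
//    value posted back is the original text. Decoding here stands in for that.
$roundTrip = htmlspecialchars_decode($safe, ENT_QUOTES);
printf("Round trip preserves the data: %s\n",
    var_export($roundTrip === $data, true));
```

Run it from the command line with `php` to compare the two flag settings and inspect the generated markup.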