Howdy,

I know that a string can be made HTML safe (using htmlentities(), for instance). The problem I have is that I want to convert text that contains a mix of normal text, which should be made safe, and actual HTML which should be preserved.

For example, I might have the following string stored in a database:

My latest photo is called "What's That Smell?". Please <a href="vote.php">tell me what you think</a>.

When I pull it from the database and dump it to the browser, I still want the link to work, so I can't run it through htmlentities() or my HTML will be rendered as normal text. I want to end up with something like (sorry, had to use colons instead of semi-colons so the BBS didn't render the HTML)...

My latest photo is called &quot:What':s That Smell?&quot:. Please <a href="vote.php">tell me what you think</a>

...which will fix the "normal" text but still allow the browser to interpret the HTML.

Does anyone have a function that does this already? I'm sure I could write one using regular expressions and such, but I didn't want to reinvent the wheel if someone has done this before.

Thanks!

I haven't seen anything like that, you best bet would be a regex

are you sure echoing the database field out doesnt work? i have never had an issue with needing to make sure " and ' are HTML safe

The only way I can see around is:

Extract the links from the text and place them in an indexed array and include a marker in the text to identify each link. Use the preg_replace_callback (http://uk.php.net/preg_replace_callback) function to do this.
Then apply htmlentities to the edited string.
Reinsert the links again using the preg_replace_callback function.
This is a perl style regular expression I wrote, compatible with the preg_* functions which I often use to extract hyperlinks from HTML, maybe you'll find it useful.

/<a.*href=((\"(.+)\".*>)|((\S+)((\s.*>)|>)))(.+)<\/a>/siU

The reason it is so long, is that it allows for links with no quotes around the href attribute (valid in HTML 4) and links which span multiple lines.

i work out the code with mysqlf to find there

is nothin like what u intend PHP to do

use stripslashes for data retrival from DB

and use addslashes before inserting the data into DB

no regular experssions or other hassels needed

(Since u just need to dump data to the browser from the DB)

thats it..

use stripslashes for data retrival from DB
No need to do that, it will probably corrupt your data, as all backslashes are assumed to be escape charcters and materalize when you enter the string into the database.