PHP MYSQL

REMOVE HTML TAGS IN PHP MYSQL

(quick guide & example)

id  name text

DUMMY REVIEW TABLE

01

| INTEGER PRIMARY KEY | VARCHAR | TEXT

BAD REVIEW POST

02

HIDDEN SCRIPT INSERTION $_POST = [   "name" => "Le Hackr",   "text" => "<h1>Good product!</h1>   <p>Foo Bar</p>   <script>alert('POO PAR')</script>" ];

INSERT SQL STATEMENT $stmt = $pdo->prepare("   INSERT INTO `reviews` (`name`, `text`)   VALUES  (?, ?)");

PHP INSERT INTO DATABASE

03

CONNECT TO DATABASE $pdo = new PDO( "mysql:host=HOST;dbname=NAME;". "charset=utf8mb4", USER, PASSWORD);

REMOVE HTML TAGS (A)

04

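TO STRIP ALL HTML TAGS $stmt->execute([   $_POST["name"],   strip_tags($_POST["text"]) ]);

Note: only `text` is filtered here. `name` is stored exactly as submitted, so it needs the same strip_tags() treatment or must be escaped when it is displayed.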

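SELECTIVELY ALLOW SOME TAGS $stmt->execute([   $_POST["name"],   strip_tags($_POST["text"], "<p><h1>") ]);

Note: strip_tags() leaves the attributes of allowed tags untouched, so event-handler and style attributes on a permitted <p> or <h1> are stored as submitted. If some markup must be kept, run the text through an HTML sanitizer that filters attributes as well as tags; an allow-list passed to strip_tags() is not enough on its own.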

REMOVE HTML TAGS (B)

05

REMOVE HTML TAGS (C)

06

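OR CONVERT TO HTML ENTITIES $stmt->execute([   $_POST["name"],   htmlentities($_POST["text"]) ]);

Note: htmlentities() removes nothing. It converts the markup characters to entities, so the tags display as literal text instead of being rendered. On PHP versions before 8.1 single quotes are not converted unless ENT_QUOTES is passed, which matters if the value is later placed inside a single-quoted attribute. A common alternative is to store the text unchanged and apply htmlspecialchars() at output time, so every display path is escaped for its own context.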