在HTML实体中使用href

Question

I use html entities to secure my site.
And my client want to add link in his post using the CMS.
how to make exception in html entities?

my code example:

<p><?php echo h($row['message']) ?></p>
//h is my function for htmlentities

My code display this message:

"You can click this link <a href="###">Link</a>"
//And I dont know my data insert '\'
//It become <a href=\"###\">Link</a>

If my question is not clear please ask.
Really appreciate.

Answer 1

I believe what you want to do is pass into the DB with htmlentities() so it doesn't mess with your DB. To retrieve them you would use html_entity_decode(). The html_entity_decode() converts all strings with HTML entities back to there original string.

http://php.net/manual/en/function.html-entity-decode.php

Hopefully this answers your question.

Edit: Raw data retrieved: http://www.example.com

Through htmlentities it spits out the HTML entities, which the browser cannot interpret when attempting to find that page. The use of htmlentities() (please if I'm wrong correct me) is to encode user input before passing it anywhere else.

User input: <script>hacks</script>

Passed though htmlentities:

&ltscript&gthacks&lt (whatever backslash is)script&gt

(This way it can't mess with anything in your database, better example is the use of PHP/MySQL but I'm not well versed to give that exact example at the moment.)

However this would expose your site when decoding it as well and other precautions would have to be taken.

Answer 2

Try this :

<?php 
   $link = h(stripslashes($row['message'])); 
?>


You can click this link <a href='<?php echo $link; ?>'>Link</a>