The data is submitted (method="post") through a textarea. The mysql_real_escape version is stored in mysql. Then it's read from the database (no unescaping necessary) and passed through htmlentities before being printed into the body of the webpage.
I tried replacing htmlentities with the following function:
Code: Select all
function brentities($x)
{
$x = str_replace("[LINEBREAK]","\n\r",$x);
$x = str_replace("[LINEBREAK]","\r\n",$x);
$x = str_replace("[LINEBREAK]","\n",$x);
$x = htmlentities($x);
$x = str_replace("<pre>\n</pre>","[LINEBREAK]",$x);
return $x;
}What's the best way to settle this issue?
Thanks