I don't even know what you're doing now... feels like you're just throwing functions at your problem and hoping they will solve it.
That link... is it supposed to be clickable? Or is it text for the person to use?
Okay. Anything you put into htmlentities will NOT work as HTML. It'll be displayed instead of interpreted. This is good if you
don't want HTML to work. If you
do then don't use it.
If you put stuff into a tag, like in an attribute, you need htmlentities (or htmlspecialchars - besides the point) to make it safe. But you also need to put the value in quotation marks or apostrophes.
Code: Select all
<input type="text" value=<?php echo $html; ?>> -- BAD
<input type="text" value="<?php echo $html; ?>"> -- BAD
<input type="text" value=<?php echo htmlentities($html); ?>> -- BAD
<input type="text" value="<?php echo htmlentities($html); ?>"> -- GOOD
ALSO GOOD:
<input type='text' value='<?php echo htmlentities($html, ENT_QUOTES); ?>'>
Oh, and when you want to post another picture, don't. Just post part of the HTML source of the page. That whole "pictures are worth a thousand words" is total BS.