Escaping output safely for both html and input fields

Question

In my web app, users can input text data. This data can be shown to other users, and the original author can also go back and edit their data. I\'m looking for the correct w

Answer 1

If you just need to reverse the encode then you can use html_entity_decode - http://www.php.net/manual/en/function.html-entity-decode.php.

Another possibility to is only run htmlentities at the time the content will be displayed as part of a web page. Otherwise, keep the unencoded text, as submitted or loaded from your datastore.