So I have slight problem. The PHP program I am working on allows web designers to post some code sometimes, and is put into a backend database. Sometimes the designers may also want to discuss html entities.
So let's say the designer adds a line of code to database like this:
<p>hellos friend</p>
So I use PDO to stick this line in the database without escaping it, and everything is fine, it shows up good. Now, I want the web designer to be able to edit this, so when I pull it out of database I use this code after:
$post = htmlentities($post);
It is good now that I can insert this into my editor:
<textarea>$post</textarea>
But we have problem because when this guy edit this code, he submit and it go back into the database and now it got HTML entities and has & lt ; instead of < and & gt ; instead of > (it is hard to type this on SA it re-encodes it)
<p>hellos friend</p>
So now it's wrong in database, so when I display it again, it show the entities.
So maybe I can run the opposite of htmlentities after editing it and re-add all the entities, if there is such a thing, but that brings another problem:
What if a web designer is telling other guy "Hey man, this is what an html entity is, it is typed like this: & lt; you should use it"
Then THAT is going to turn out to get stuck back into NOT being an entity, you see what I mean? Is there a solute?
I think you are looking for the html_entity_decode() function. It is the reverse of htmlentities(). It converts the < back into <
http://php.net/manual/en/function.html-entity-decode.php
For your second issue you would need to have the designers escape the html entities somehow. I don't think PHP has a way to escape them but I could be wrong. It might be something you would have to implement yourself, like have the designer put a \ in front of the entity to set it apart from the entities that are suppose to be converted to HTML and then parse the input looking for escaped entities.