Insert HTML to DB via form using php

Greetings,

I'd like to insert html via a form into my database using php. Can anyone please tell 开发者_JAVA百科me what function I can use to ensure something such as

<p>This is a test</p>
<h1>Turns up correctly</h1>

Turns up in the database correctly. Right now when I do an insert the special characters are replaced with the HTML special character code.

Also whats the best way to handle inputs such as this? My code is going to be very fragile against something such as special characters and quotes.

Thanks

You only need mysql_real_escape_string():

mysql_query("INSERT INTO
                table
            SET
                html = '".mysql_real_escape_string($myHTML)."'");

DB doesn't care of special characters. The important thing is to escape quotes, which mysql_real_escape_string() will handle.

So no need for htmlentities($myHTML) or anything like that, and when you fetch the HTML back from the database, it is already in the right format for outputting.