Which is the best way of correct filter for HTML editor in PHP?

I'm using TinyMCE editor in my site. I want to learn way of correct filter for my input when i'm inserting to DB. Which filters are need to use? For example i get this input to DB this way;

$example = $_POST['example'];

<textarea name="example"></textarea>

I'm not using htmlscepialchars(); because i need the htm开发者_JAVA技巧l tags.

"Sorry for my poor English."

HTMLPurifier.

Download it here: http://htmlpurifier.org/

Include it:

include 'path/to/HTMLPurifier.auto.php';

Use it:

$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'UTF-8');
$config->set('XHTML', 'Doctype', 'XHTML 1.0 Strict');
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify( $dirty_html );

And sleep well knowing there are no XSS attacks in HTML cleaned like this.

People suggesting mysql_real_escape_string() probably didn't get your question (or i didn't), you were asking how to filter HTML markup from a WYSIWYG editor so it can be safely stored in a database.

mysql_real_escape_string() is relevant as a protection against SQL injection but prepared statements (google "PDO") are better for that.

If I understand correctly, you want to save html to your database, and need some way to encode it?

You could do the following before saving to the db:

urlencode($_POST['example']);

And when you retrieve, you can urldecode($data);