I use ob_start(); **lots of php and html here** and then I put $stuff = ob_get_contents(); and then I do a mysql INSERT with $stuff to save the whole thing and log it. I'm wondering here, can the html that will be entered in the DB be modified before it goes there? I mean for example I wanna turn the code into black and white... Would that be possible? To remove all <font color="**"> and </font>s from the code... I'm pretty sure I saw it on another site. Also another question is that the html code contains ' characters, but ''s can't be inserted to the database so I had to make all the 's into \'s. Here's the problem, they appear fine in the database BUT on the original page the users will see my \ characters. Is there another way to solve this without taking the 's away? EDIT: I just realized that when I get the answer for the first one I might be able to solve the second problem myself by simply inserting \ before all 's before it goes to the db.
For your second problem, simply use addslashes() on your $stuff variable before inserting it and if it still has the \ in it after you print it back out from the database, use stripslashes(). For your first problem, you can remove all tags like that using regex and the preg_replace() function. If you actually want to remove almost all HTML tags except just a couple select ones, I'd look into strip_tags() to make your life easier, but it'll only be easier if you're planning on stripping all except a couple that you tell it not to.
Use the functions specific to each database for escaping characters like apostrophes. http://us2.php.net/manual/en/function.mysql-real-escape-string.php Each DB has a functions section link on this page. http://us2.php.net/manual/en/refs.database.vendors.php
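An added example, not code from any poster in this thread: it strips the font tags with preg_replace() as suggested above, then stores the captured buffer through a PDO prepared statement, so apostrophes need no manual backslashes and none show up when the row is read back. The page_log table, the strip_font_tags() helper and the in-memory SQLite database (standing in for MySQL so the script runs offline, assuming the pdo_sqlite extension is present) are assumptions.

```php
<?php
// Added example; table name, helper name and sample HTML are constructed.

// Remove <font ...> and </font> tags but keep the text between them.
function strip_font_tags(string $html): string
{
    // Matches <font>, <font color="red"> and </font>, case-insensitively.
    // \b keeps it from matching other tag names that merely start with "font".
    // Limitation: an attribute value containing ">" would end the match early.
    return preg_replace('~</?font\b[^>]*>~i', '', $html) ?? $html;
}

// Capture the page output the way the question describes.
ob_start();
echo "<p><font color=\"red\">It's</font> a <FONT COLOR='blue'>test</FONT></p>\n";
$stuff = ob_get_contents();
ob_end_flush(); // the visitor still receives the original, coloured page

$clean = strip_font_tags($stuff);

// Assumption: in-memory SQLite replaces the MySQL server for this demo.
// With MySQL only the constructor changes: new PDO('mysql:host=...;dbname=...', $user, $pass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE page_log (id INTEGER PRIMARY KEY, html TEXT NOT NULL)');

// The value is bound as data instead of being pasted into the SQL string,
// so quotes in the HTML cannot terminate the statement and are stored unchanged.
$stmt = $db->prepare('INSERT INTO page_log (html) VALUES (:html)');
$stmt->execute([':html' => $clean]);

// Read the row back and compare it with what was sent.
$stored = $db->query('SELECT html FROM page_log ORDER BY id DESC LIMIT 1')->fetchColumn();

echo "Stored copy: ", $stored;
echo "Round trip identical: ", var_export($stored === $clean, true), "\n";
echo "Contains a backslash: ", var_export(strpos($stored, '\\') !== false, true), "\n";
```

Because nothing is escaped by hand, there is nothing to undo with stripslashes() when the logged HTML is displayed later.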