Question

How can I display the outputted data that is (contents.html) to go in my form textarea (edit.html)? I am using a JS HTML WYSIWYG editor (TinyMCE) in the form page to make it easier for people with no HTML experience to make edits.

(I am aware of XSS attacks but I'd just like to get this working for now.) I have tried echo but it will not work. Anyone know how I can achieve this?

Regards

edit.php // Submits form data to contents.html

<?php file_put_contents("content.html", print_r($_POST['content'], true)); ?>
<form method="post">
<textarea name="content" style="width:960px; margin: 0 auto;" rows="20" cols="20">


</textarea>
<input type="submit" name="save" value="Submit" />
</form>

contents.html

// Blank until something is submitted with the form

index.php

// Retrieves data from contents.html and displays it

<?php echo file_get_contents('content.html');?>

Solution

Just print the contents in the textarea, after escaping it. This will prevent XSS in your form (edit.php), and cause the HTML contents to be shown correctly.

The if-statement checks whether the form has been submitted or not. If that's true, the contents from $_POST['content'] will be written to content.html. Note: isset($_POST['save']) and name="save" are optional for checking whether the form has been submitted or not, but if you've multiple submit options (e.g., a preview button), it's required.

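<?php
// Save only when the "save" button was used and a "content" field was posted.
if (isset($_POST['save']) && filter_has_var(INPUT_POST, 'content')) {
    file_put_contents("content.html", filter_input(INPUT_POST, 'content'));
}
?>

<form method="post">
<textarea name="content" style="width:960px; margin: 0 auto;" rows="20" cols="20"><?php
// Escape the stored HTML so the browser shows it as editable text in the textarea
// instead of parsing it as markup. Before the first save the file may not exist.
echo htmlentities(is_file("content.html") ? file_get_contents("content.html") : "");
?></textarea>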
<input type="submit" name="save" value="Submit" />
</form>
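
The question's index.php echoes content.html unmodified, so whatever markup is saved through the form is parsed by every visitor's browser. As an added example (not part of the original answer), here is one way to filter the stored HTML against a tag allowlist with PHP's DOM extension before echoing it. The function names, the allowlist and the sample input are assumptions, and a maintained sanitizer such as HTML Purifier is the usual choice in production.

```php
<?php
// Added example: allowlist filter for the HTML that edit.php stores in content.html.
// Both lists are assumptions; match ALLOWED_TAGS to what your TinyMCE toolbar can emit.
const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li', 'h2', 'h3', 'blockquote', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math', 'template', 'noscript'];

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) {
            continue;                                   // plain text is escaped on output
        }
        $tag = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node);                // comments, PIs, script-like elements
            continue;
        }
        clean_children($node);                          // sanitize descendants first
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($node->firstChild) {                 // unwrap: keep the text, drop the tag
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            // The only attribute kept is href on <a>, and only with an allowed scheme.
            $keep = $tag === 'a' && $attr->nodeName === 'href'
                && preg_match('#^(?:https?://|mailto:)#i', $attr->value) === 1;
            if (!$keep) {
                $node->removeAttributeNode($attr);      // event handlers, style, src, ...
            }
        }
    }
}

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);           // tolerate real-world markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper is the first div
    if ($root === null) {
        return '';
    }
    clean_children($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);                 // anything outside the wrapper is dropped
    }
    return $out;
}

// Constructed sample input, not taken from the page.
echo sanitize_html('<p onclick="alert(1)">Hi <a href="javascript:alert(1)">x</a><script>alert(1)</script></p>'), "\n";
```

In index.php this would replace the raw echo with `echo sanitize_html(file_get_contents('content.html'));`. The textarea in edit.php still needs the `htmlentities` call from the answer, since that protects the edit form rather than the public page.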
Licensed under: CC-BY-SA with attribution