When I Insert Into Database How Can I Not Allow Tags? <Td> And


10 replies to this topic

#1 Mancent

Posted 23 December 2012 - 03:49 AM

I want to allow users to insert into the database, but I have to prevent them from inserting tags. How can I do that?

I understand the post, and how to insert, but how do I check that no tags were written in?

This is an ok insert

<td>this is not a ok insert</td>
or any other tag

#2 thara

Posted 23 December 2012 - 05:07 AM

Clearly, what do you want to do here? How are you trying to insert data into the database?


IT consultation and Integration : Web Design and Web Development.

#3 Manixat

Posted 23 December 2012 - 05:37 AM

php strip_tags()

NOTE: You can also allow them to insert tags, and use htmlspecialchars() when you're displaying the text, so that it doesn't mess up your HTML.

Good luck!

Edited by Manixat, 23 December 2012 - 05:37 AM.


#4 Christian F.

Posted 23 December 2012 - 06:43 AM

I recommend the use of htmlspecialchars() over strip_tags(), as the latter function has some caveats that might very well end up messing up your users' legit content or preventing them from submitting it. Primarily this is because if something just looks like it might be an HTML tag, strip_tags() will remove it. So anything starting with a < is subject to removal, even if it's not properly closed.

Edited by Christian F., 23 December 2012 - 06:43 AM.

Keeping it simple.
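
An added example, not part of any post in this thread, of the approach Manixat and Christian F. describe: keep the submitted text unchanged in the database and encode it with htmlspecialchars() when it is displayed, printing what strip_tags() would have returned for comparison. The comments table, the render_comment() helper and the sample strings are constructed for illustration, and an in-memory SQLite database via PDO is assumed so the script runs offline.

```php
<?php
// Added example: store user input as-is, encode it only when rendering HTML.
// Table name, column name and sample strings are constructed for illustration.

$samples = [
    'This is an ok insert',
    '<td>this is not an ok insert</td>',
    'Valid when x <y and y> 3',   // legitimate text that merely looks like a tag
    'I <3 PHP',                   // "<" that is never closed
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Prepared statement: the text is bound as data, never concatenated into SQL,
// so markup or quotes in it cannot change the query.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
foreach ($samples as $body) {
    $insert->execute([':body' => $body]);
}

// Output encoding for an HTML context: <, >, &, " and ' become entities,
// so the browser shows the characters instead of interpreting them as markup.
function render_comment(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Show the stored text, what strip_tags() would keep, and the encoded form.
foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    $stored = $row['body'];
    printf("stored     : %s\n", $stored);
    printf("strip_tags : %s\n", strip_tags($stored));
    printf("escaped    : %s\n\n", render_comment($stored));
}
```

Run it from the command line with the PHP CLI; the escaped line is what belongs inside the page's HTML, while the stored value stays available unchanged for other output contexts.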

#5 Mancent

Posted 23 December 2012 - 01:49 PM

Thank you guys you are a big help!

In Flash I can pass strings to strings, so if this.text.string ="SOMETHING";
I can call that string anytime I want and place it anywhere.
For example:

this.newtext.string =""; <--NOTHING

But if I need that to == what this.text.string is, I would just do this:

this.text.string=this.newtext.string;

Can I do that in HTML?

You see, my whole site was made in Flash, and most of it still is, but I am trying to make it again in HTML5 and PHP and HTML and JavaScript.

Edited by Mancent, 23 December 2012 - 01:52 PM.


#6 Manixat

Posted 23 December 2012 - 03:20 PM

I guess you mean you want to compare 2 strings? Because in PHP == means is equal to, then yes you can do that, but in case you want to see if this.text.string is empty you can check it with the built in function empty()

In case I misunderstood and you wanna set this.text.string to this.newtext.string it is as simple as $string1=$string2

All of that is done in PHP; HTML cannot compile logic, only elements which are going to be displayed on the page (well, not only, but basically).

Edited by Manixat, 23 December 2012 - 03:20 PM.


#7 Mancent

Posted 23 December 2012 - 03:46 PM

That makes sense. It's the same thing. I can just use $_GET to get the string and then just set it again if needed, in PHP.

#8 Manixat

Posted 23 December 2012 - 04:16 PM

Well, $_GET is nothing but an associative array filled with variables from the URL. Say you have your file index.php and you address it like this:

index.php?variable=value&more_variables=more_values

Then you can do

print_r($_GET) to see what it contains. Every value that has been set in this or the $_POST array can be modified.

Edited by Manixat, 23 December 2012 - 04:21 PM.


#9 Christian F.

Posted 23 December 2012 - 04:35 PM

It sounds like you might want to read up on variable scope in PHP, and how that relates to functions (and classes).
It should be noted that while the examples in the PHP manual use the global keyword, and the $_GLOBALS superglobal, you should use neither. Instead you should pass the variables as parameters to the functions, and use return to get the data back from a function.

Also, since you seem to be mixing PHP and HTML, it can be advantageous to think about PHP as the logic layer, and HTML as the presentation layer. HTML itself doesn't do any logic, as Manixat stated above, it only displays static content. PHP, on the other hand, is executed on the server and generates the HTML content that is sent to the client. Separate those (as well as JS and MySQL, if you use them) from each other and things will be a lot easier to handle.

Edited by Christian F., 23 December 2012 - 04:35 PM.

Keeping it simple.

#10 Mancent

Posted 23 December 2012 - 09:53 PM

Hi, can you guys help me with this again?

I'm trying to do a simple hide and show. With AS2 it's objectsname._visible=true; or false;
HTML/CSS:


<style>
#this{
visibility:hidden;
visibility:visible;
}
</style>

What I am trying to do is hide the upload button until the file is selected; once it is selected, then we see the upload button. It's something simple and it seems so hard!



<style>
#this{
visibility:hidden;
visibility:visible;
}
</style>


<script type="text/javascript">
  function check_if_file_selected()
  {
    var file = document.getElementById("selectfile");
    if (file.value == "")
    {
      alert('LETS GET THE IMAGE FILE');
    }
    else
    {
      alert('WE ALREADY HAVE A IMAGE FILE SELECTED');
    }
  }
</script>

<form enctype="multipart/form-data" action="upload_background.php?UserId=5" method="POST">

  <input id="selectfile" onclick="check_if_file_selected()" type="file" name="x" accept="image/*"/>

  <button id="uploadback" type="submit">click</button>
</form>



Edited by Mancent, 23 December 2012 - 09:58 PM.


#11 Manixat

Posted 29 December 2012 - 07:16 AM

You don't need to check on click, simply use

<input id ="selectfile" onchange="show button function here" type="file" name="x" accept="image/*"/>




