Taxa Posted June 2, 2008

I am designing a website where the user, like this forum, can place comments, blog and customise with HTML etc. Each comment is stored in a table and stores all the writing that the user typed in.

Now, I realised that the user can easily type PHP and send queries to the server, as well as use tags to screw around with the website layout. For example: when someone gets a user's message, the message is within a table square. The message, however, can use tags like </table> to make the message appear outside of the table, and type various other commands, screwing around with the layout of the site.

How should I go about preventing this problem, but still allow the users full HTML customisation (similar to MySpace), but restrict them from screwing around with the site?

tjmbc Posted June 2, 2008

Use strip_tags() with exceptions.

    strip_tags( $_POST['variable'], '<p>' )

This will allow the user to use the <p> tag. Replace the <p> with whatever tag you don't want stripped, or allow multiple tags with '<p>,<a>'. You should also notice that you don't have to include the closing tag in the exception.
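
The PHP manual warns that strip_tags() does not modify the attributes of the tags you allow, so an allowed <p> can still carry event-handler or style attributes. The following is an added example, not code from any poster in this thread: it filters both tags and attributes against an allowlist using PHP's DOM extension. The function name sanitize_comment, the allowlists and the sample comment are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). The allowlists below are assumptions;
// adjust them to the markup your site really needs.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];           // every other attribute is removed
const DROP_WHOLE    = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_comment(string $html): string
{
    libxml_use_internal_errors(true);              // user markup is often malformed
    $doc = new DOMDocument();
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; '
        . 'charset=utf-8"></head><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//*', $body)) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WHOLE, true)) {    // remove element and its content
            $el->parentNode->removeChild($el);
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($el->firstChild) {              // unwrap: keep the text, lose the tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                $ok = in_array($attr->nodeName, ALLOWED_ATTRS[$tag] ?? [], true);
                if ($ok && $attr->nodeName === 'href') {   // only plain web links
                    $ok = preg_match('#^https?://#i', trim($attr->value)) === 1;
                }
                if (!$ok) {
                    $el->removeAttribute($attr->nodeName);
                }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {        // serialize only the user's fragment
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample comment: a stray closing tag plus an event-handler attribute.
$comment = 'Hi</table><p onmouseover="track()">hello <a href="http://example.com/">link</a></p>';
echo strip_tags($comment, '<p><a>'), "\n";   // tags filtered, attributes left as typed
echo sanitize_comment($comment), "\n";       // tags and attributes both filtered
```

Run the sanitizer on input before storing or displaying it, and escape with htmlspecialchars() anywhere user text is shown that is not meant to contain markup at all.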

Taxa Posted June 2, 2008 (Author)

Thanks! Is this a PHP function?