homemade forum help with links, images and such

[wrathican]

Hey

 

what i have done is created my own forum. its very basic and i wish to improve it further.

now i have html special chars and mysql real escape string to prevent from injection attacks.

 

what i want is the ability for a user to add html links <a></a> and images <img />maybe add the option to change font weight, colours and sizes.

 

now with what i have at the moment my insert query would turn the '<' and '>' into < and > so it wouldn't display a link it would actually print <a href="link">link</a> and wouldn't be a clickable link.

 

how would i go about getting this to be done. suggestions and links welcome

 

Thanks

[discomatt]

Use 'BBCode.' There is a parser available at PEAR

 

http://pear.php.net/package/HTML_BBCodeParser

[wrathican]

Thanks for the reply.

 

I have since contacted my host and they do not have any PEAR packages installed on their servers, nor will they install them for me.

 

so, my question remains. how do i accomplish the effect i am looking for without using and external packages?

[waynew]

Spend some time researching string searching in php and work out some kind of if-else system that distinguishes from links that are allowed and links that aren't allowed in order to maintain a level of safety. For instance you could deny all links that have <script> in it as that's obviously an xss.