kee2ka4 Posted November 5, 2008

Hey peeps,

I am using the following function below, that uses trim(), strip_tags() and htmlspecialchars() so that I can make my site secure from users entering invalid data. But I would like to have basic html tags to be allowed such as <p>, <b>, <a href>. Is there any way I can allow basic html tags but still make my site secure?

```php
function safe_output($value)
{
    $value = trim($value);
    $value = strip_tags($value);
    $value = htmlspecialchars($value);
    return $value;
}
```

I would appreciate advice or pointers on how you guys make your site secure and yet allow users to enter value html tags.

Thanks,
Zub

Yesideez Posted November 5, 2008

Ever thought of allowing bbcode just like on here?

All I do is something like this:

```php
$name=$_POST['name'];
$age=intval($_POST['age']);
mysql_query("INSERT INTO table (`name`,`age`) VALUES ('".addslashes($name)."','".$age."')");
```

This might be worth reading...
http://php.about.com/od/finishedphp1/qt/slash_function.htm

Mchl Posted November 5, 2008

Read about the second argument of strip_tags() (hint: it's called 'allowable_tags')

You should also pass this variable through mysql_real_escape_string()
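
Added example, not part of the thread or any poster's code: strip_tags() with an allowed-tags list leaves every attribute on the tags it keeps (onclick, style, a javascript: href), so this sketch parses the input and rebuilds it from an allowlist of <p>, <b> and <a href> instead. The names `ALLOWED`, `DROP_WITH_CONTENT`, `render_safe` and `sanitize_basic_html` are hypothetical, and limiting href to absolute http(s) URLs is an assumption; escaping for the SQL query is a separate step.

```php
<?php
// Added example with hypothetical names. Allowlist: tag => attributes that may be kept.
const ALLOWED = ['p' => [], 'b' => [], 'a' => ['href']];
// Elements whose contents are discarded along with the tag.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

// Rebuild a node as HTML from scratch, so only markup written here reaches the output.
function render_safe(DOMNode $node): string
{
    if ($node instanceof DOMText) {               // text and CDATA
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    $tag = $node instanceof DOMElement ? strtolower($node->nodeName) : '';
    if ($tag === '' || in_array($tag, DROP_WITH_CONTENT, true)) {
        return '';                                // comments, PIs, dropped elements
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_safe($child);
    }
    if (!array_key_exists($tag, ALLOWED)) {       // unknown tag: keep its text, drop the tag
        return $inner;
    }
    $attrs = '';
    foreach (ALLOWED[$tag] as $name) {
        $value = trim($node->getAttribute($name));
        // The only allowed attribute is href: keep it only for absolute http(s) URLs.
        if ($value === '' || !preg_match('#^https?://#i', $value)) {
            continue;
        }
        $attrs .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
    }
    return "<{$tag}{$attrs}>{$inner}</{$tag}>";
}

function sanitize_basic_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);             // user markup is often malformed
    // The wrapper gives the parser a known root; body and div are not allowed, so they unwrap.
    $doc->loadHTML('<?xml encoding="UTF-8"><body><div>' . $html . '</div></body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : render_safe($body);
}

// Constructed sample input: attributes, a non-http link and a script element are removed.
echo sanitize_basic_html('<p onclick="x()">Hi <b>there</b> <a href="javascript:x()">bad</a> '
    . '<a href="https://example.com/?a=1&b=2">ok</a><script>x()</script></p>'), PHP_EOL;
```
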
Archived
This topic is now archived and is closed to further replies.