kee2ka4 Posted November 5, 2008

Hey peeps,

I am using the following function below, that uses trim(), strip_tags() and htmlspecialchars() so that I can make my site secure from users entering invalid data. But I would like to have basic html tags to be allowed such as <p>, <b>, <a href>. Is there any way I can allow basic html tags but still make my site secure?

    function safe_output($value)
    {
        $value = trim($value);
        $value = strip_tags($value);
        $value = htmlspecialchars($value);
        return $value;
    }

I would appreciate advice or pointers on how you guys make your site secure and yet allow users to enter value html tags.

Thanks, Zub

Yesideez Posted November 5, 2008

Ever thought of allowing bbcode just like on here? All I do is something like this:

    $name=$_POST['name'];
    $age=intval($_POST['age']);
    mysql_query("INSERT INTO table (`name`,`age`) VALUES ('".addslashes($name)."','".$age."')");

This might be worth reading... http://php.about.com/od/finishedphp1/qt/slash_function.htm

Mchl Posted November 5, 2008

Read about the second argument of strip_tags() (hint: it's called 'allowable_tags').

You should also pass this variable through mysql_real_escape_string()
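
An added example, not code from any poster in this thread: strip_tags() with an allowed-tags argument leaves every attribute on the tags it lets through, so the sketch below parses the input and rebuilds it from an allowlist of <p>, <b> and <a href>. The function names and the sample input are constructed, and it assumes PHP's DOM extension is available.

```php
<?php
// Added example: constructed names and sample input, not code from the thread.
const ALLOWED_TAGS = ['p', 'b', 'a'];   // the tags the question asks to keep

function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_node(DOMNode $node): string {
    if ($node instanceof DOMText) {
        return esc($node->nodeValue);   // text is always re-escaped
    }
    if (!($node instanceof DOMElement)) {
        return '';                      // comments, processing instructions
    }
    $tag = strtolower($node->nodeName);
    if (in_array($tag, ['script', 'style'], true)) {
        return '';                      // dropped together with their content
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_node($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner;                  // unwrap other tags, keep their text
    }
    $attrs = '';
    if ($tag === 'a') {
        $href = trim($node->getAttribute('href'));
        if (preg_match('#^https?://#i', $href) === 1) {   // absolute http(s) only
            $attrs = ' href="' . esc($href) . '" rel="nofollow noopener"';
        }
    }
    return "<{$tag}{$attrs}>{$inner}</{$tag}>";   // no other attribute is copied
}

function safe_html(string $input): string {
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // tolerate malformed markup
    // The XML declaration prefix makes libxml decode the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $input, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->documentElement ? render_node($doc->documentElement) : '';
}

// Constructed sample input.
echo safe_html('<p onclick="x()">Hi <b>there</b> <a href="javascript:void(0)">a</a> '
    . '<a href="https://example.com/?q=1&r=2">b</a><script>x()</script></p>'), "\n";
```

The result is meant for output into an HTML page; escaping for the database query is a separate step, as the replies above point out.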