What's a foolproof method to allow code posting?


5 replies to this topic

#1 Prismatic

Prismatic
  • Members
  • Advanced Member
  • 503 posts
  • Location: San Diego

Posted 09 July 2006 - 03:30 AM

Working on my forums again and I need a foolproof method of getting code (any kind, if it's code, it can go) transformed into a safe version to be processed and regurgitated back when someone views a post.

For instance, I have a [bbcode][/bbcode] tag on my forums which, when you use it, produces a code block very similar to the forums here currently (Actually identical, I really liked your code blocks  :P ). I need a way to make all code "safe" in that it won't be run when I want to show it back, it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters)

Any help is appreciated :)

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • Location: Hillsborough, NJ, USA

Posted 09 July 2006 - 03:39 AM

Use the function htmlentities() on any string you display back to the screen.

What do you mean by:

it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters)


Ken

#3 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 09 July 2006 - 06:02 AM

What do you mean by:

it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters)


I think he is using it for his BBCodes.

Here is an example of the bold, italic and underline BBCodes:
$t = preg_replace("`\[b\](.*)\[/b\]`sUi","<b>\\1</b>",$t);
$t = preg_replace("`\[i\](.*)\[/i\]`sUi","<i>\\1</i>",$t);
$t = preg_replace("`\[u\](.*)\[/u\]`sUi","<u>\\1</u>",$t);


#4 Prismatic

Prismatic
  • Members
  • Advanced Member
  • 503 posts
  • Location: San Diego

Posted 09 July 2006 - 06:22 AM

I don't need all BB codes, I already have those done. I mean accepting php, html, all those kinds of code and processing them so I can safely store them in the database without the fear of them getting run and causing issues.

#5 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 09 July 2006 - 06:24 AM

Ahh, just run them through htmlentities() as Ken said ;)

#6 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • Location: Hillsborough, NJ, USA

Posted 09 July 2006 - 11:57 AM

Also, always process all text with mysql_real_escape_string() when inserting/updating the text into the database.

Ken
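
An added example, not code from any poster in this thread: one way to render a post so that the body of a [code] tag is displayed and never interpreted, and so that user text never ends up inside a preg_replace replacement string. The function name render_post(), the placeholder format and the sample post are assumptions made for illustration; it uses htmlspecialchars(), the narrower sibling of the htmlentities() call recommended above, and covers output only, not database storage.

```php
<?php
// Added example (PHP 7.4+). render_post() is a hypothetical name.
function render_post(string $raw): string
{
    // 1. Escape the whole post first, so no user-supplied <, >, & or quote
    //    reaches the browser as markup. BBCode brackets are left untouched.
    $text = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Lift [code] bodies out so the inline rules below cannot rewrite them.
    //    A callback keeps user text out of any replacement string, where
    //    "$1" or "\1" would otherwise be read as backreferences.
    $blocks = [];
    $nonce  = bin2hex(random_bytes(8)); // placeholder a poster cannot guess
    $lifted = preg_replace_callback(
        '`\[code\](.*?)\[/code\]`si',
        function (array $m) use (&$blocks, $nonce): string {
            $blocks[] = $m[1];
            return '{{' . $nonce . ':' . (count($blocks) - 1) . '}}';
        },
        $text
    );
    if ($lifted === null) {   // PCRE error, e.g. backtrack limit exceeded
        return nl2br($text);  // fall back to escaped text without BBCode
    }

    // 3. Inline BBCode, applied to already-escaped text. No /e modifier:
    //    matched text is never evaluated as PHP.
    foreach (['b', 'i', 'u'] as $tag) {
        $out = preg_replace("`\[{$tag}\](.*?)\[/{$tag}\]`si", "<{$tag}>\\1</{$tag}>", $lifted);
        if ($out !== null) {
            $lifted = $out;
        }
    }
    $html = nl2br($lifted);

    // 4. Put the escaped code bodies back inside <pre><code>.
    return preg_replace_callback(
        '`\{\{' . $nonce . ':(\d+)\}\}`',
        fn (array $m): string => '<pre><code>' . $blocks[(int) $m[1]] . '</code></pre>',
        $html
    ) ?? $html;
}

// Constructed sample post: markup, a "$1" and a nested [b] inside [code].
$post = "[b]Try this:[/b]\n[code]<?php echo \"<script>alert(1)</script>\"; // costs \$1 [b]x[/b][/code]";
echo render_post($post), "\n";
```

In the output the script tag appears as `&lt;script&gt;`, the `$1` survives literally, and the `[b]x[/b]` inside the code block is left as typed.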



