Archived

This topic is now archived and is closed to further replies.

Prismatic

What's a foolproof method to allow code posting?

Working on my forums again and I need a foolproof method of getting code (any kind, if it's code, it can go) transformed into a safe version to be processed and regurgitated back when someone views a post.

For instance, I have a [bbcode][/bbcode] tag on my forums which, when you use it, produces a code block very similar to the forums here currently (Actually identical, I really liked your code blocks :P ). I need a way to make all code "safe" in that it won't be run when I want to show it back; it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters).

Any help is appreciated :)

Use the function htmlentities() on any string you display back to the screen.

What do you mean by:
[quote]it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters)[/quote]

Ken

[quote author=kenrbnsn link=topic=99929.msg393836#msg393836 date=1152416357]
What do you mean by:
[quote]it also has to be able to pass through preg_replace without causing any errors (it likes to fail evaluation on some characters)[/quote]
[/quote]

I think he is using it for his BBCodes.

Here is an example of the [b]bold[/b], [i]italic[/i] and [u]underline[/u] BBCodes:
[code]
$t = preg_replace("`\[b\](.*)\[/b\]`sUi","<b>\\1</b>",$t);
$t = preg_replace("`\[i\](.*)\[/i\]`sUi","<i>\\1</i>",$t);
$t = preg_replace("`\[u\](.*)\[/u\]`sUi","<u>\\1</u>",$t);
[/code]

I don't need all BB codes, I already have those done. I mean accepting php, html, all those kinds of code and processing them so I can safely store them in the database without the fear of them getting run and causing issues.

Ahh, just run them through htmlentities() as Ken said ;)

Also, always process all text with mysql_real_escape_string() when inserting/updating the text into the database.

Ken
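
The advice in this thread combined into one flow, as an added example that was not posted by any participant: the post is stored raw, escaped with htmlentities() at display time, and the [code] bodies are kept away from the [b]/[i]/[u] rules so preg_replace never rewrites them. Assumptions: `render_post()` and the token placeholder are hypothetical names, the sample post is constructed, and a PDO bound parameter on an in-memory SQLite table stands in for mysql_real_escape_string() and the forum's MySQL database (the mysql_* extension was removed in PHP 7).

```php
<?php
// Added example, not code from the thread. render_post() and the token
// placeholder scheme are hypothetical names; the post text is constructed.

function render_post(string $raw): string
{
    // Escape first: from here on the text holds no live HTML, so posted
    // PHP, <script> tags and quotes are display-only.
    $t = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Park each [code] body behind an unguessable token so the inline
    // BBCode rules below cannot rewrite anything inside it.
    $token  = bin2hex(random_bytes(8));
    $blocks = [];
    $t = preg_replace_callback(
        '`\[code\](.*)\[/code\]`sUi',
        function (array $m) use (&$blocks, $token): string {
            $blocks[] = $m[1];
            return $token . ':' . (count($blocks) - 1) . ':';
        },
        $t
    );

    // Inline tags emit fixed markup around text that is already escaped.
    foreach (['b', 'i', 'u'] as $tag) {
        $t = preg_replace("`\[{$tag}\](.*)\[/{$tag}\]`sUi", "<{$tag}>\\1</{$tag}>", $t);
    }

    // Restore the code bodies inside <pre><code>.
    return preg_replace_callback(
        "`{$token}:(\d+):`",
        fn (array $m): string => '<pre><code>' . $blocks[(int) $m[1]] . '</code></pre>',
        $t
    );
}

// Store the raw post through a bound parameter (assumption: PDO with an
// in-memory SQLite table stands in for the forum's MySQL database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$raw = "[b]Try this:[/b] [code]<?php echo '[b]hi[/b]'; <script>alert(1)</script>[/code]";
$db->prepare('INSERT INTO posts (body) VALUES (?)')->execute([$raw]);

// Escape on the way out, not on the way in.
$stored = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();
echo render_post($stored), "\n";
```

Keeping the database copy unescaped means the same row can later be re-rendered with different rules or shown in an edit box without double-encoding.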
