andz, Posted May 22, 2009

How do I use preg_replace() to validate content?

    $content = 'testingmike123<script>alert("test")</script>';

How do I validate that the system won't execute the <script></script> using preg_replace()?

Thanks

Link to comment: https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/

Masna, Posted May 22, 2009

What is it that you're trying to do, exactly?

MadTechie, Posted May 22, 2009

I assume you want to remove the script, try this

(remove)

    $content = preg_replace('%<script.*?>.*?</script>%sim', '', $content );

keep the script but kill the tags

    // i modifier so that <SCRIPT> is matched as well
    $content = preg_replace('%<script.*?>(.*?)</script>%si', '\1', $content );

andz (Author), Posted May 22, 2009

I'm trying to remove or block the execution of <script></script>, as I want to display the results in plain text.

Expected results will be

    testingmike123alert("test")

andz (Author), Posted May 22, 2009

@MadTechie: Thanks for the solution mate. I used this solution of yours:

    $content = preg_replace('%<script.*?>.*?</script>%sim', '', $content );

How about if I have multiple tags in the $content, for example

    $content = 'mymessage<script>alert("test")</script><embed>source</embed>';

How do I add that to validation?

MadTechie, Posted May 22, 2009

use htmlspecialchars, i.e.

    $content = htmlspecialchars($content, ENT_QUOTES);

or even try this

    $content = 'my <b>message</b><script>alert("test")</script> <embed>source</embed>';
    $content = preg_replace('%<([^>]*)>(.*?)</\1>%sim', '\2', $content);
    $content = htmlspecialchars($content, ENT_QUOTES);
    echo $content;

andz (Author), Posted May 22, 2009

I'd like to, but for the script that I'm working on, applying htmlspecialchars() is not an option, as some of the scripts will not function. I already tried applying it; although it worked, some pages suffered.

I wanted to validate the <script></script> and <embed></embed> tags. How do I put it into action considering this example below?

    $content = 'mymessage<script>alert("test")</script><embed>source</embed>';

Thank you very much.

MadTechie, Posted May 22, 2009

ok this removes embed and script

    //simple (i modifier so that <SCRIPT> and <Embed> are matched as well)
    $content = preg_replace('%<(script|embed)[^>]*>(.*?)</\1>%si', '\2', $content );

    //try this
    $remove = array('script','embed');
    $remove = implode("|", $remove);
    $content = preg_replace('%<('.$remove.')[^>]*>(.*?)</\1>%si', '\2', $content );

andz (Author), Posted May 22, 2009

@madtechie: How do I implement this with str_replace()?

Axeia, Posted May 22, 2009

You don't, you need the power of a regular expression, not that of a simple string match. Otherwise <script >harmful code</script> won't be filtered out due to the space in there.

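Added example, not code from any poster in this thread: it runs the three approaches discussed above (literal str_replace(), a deny-list regex in the style of the thread's, and htmlspecialchars() at output) over the same inputs and reports which ones still leave a tag for the browser to parse. The function names and sample inputs are constructed for illustration, and the last sample (a tag that is not on the remove list) goes one case beyond what the thread covers.

```php
<?php
// Added example: function names and sample inputs are constructed for illustration.

// Literal match, as asked about with str_replace(): exact, case-sensitive strings only.
function strip_literal(string $s): string {
    return str_replace(['<script>', '</script>', '<embed>', '</embed>'], '', $s);
}

// Deny-list regex in the style of the thread: removes the listed tags, keeps their content.
function strip_denylist(string $s, array $tags = ['script', 'embed']): string {
    $alt = implode('|', array_map(fn($t) => preg_quote($t, '%'), $tags));
    $out = preg_replace('%<(' . $alt . ')\b[^>]*>(.*?)</\1\s*>%si', '$2', $s);
    // preg_replace() returns null on a PCRE error; fail closed by encoding instead.
    return $out === null ? encode_for_html($s) : $out;
}

// Output encoding: no tag list to maintain, the browser parses nothing as markup.
function encode_for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// True if the string still contains the start of an opening or closing tag.
function has_markup(string $s): bool {
    return preg_match('%</?[a-z]%i', $s) === 1;
}

$samples = [
    'thread sample'       => 'mymessage<script>alert("test")</script><embed>source</embed>',
    'space inside tag'    => 'a<script >alert("test")</script >b',
    'upper-case tag'      => 'a<SCRIPT>alert("test")</SCRIPT>b',
    'tag not on the list' => 'a<object>data</object>b',
];

foreach ($samples as $label => $input) {
    printf("%-20s literal=%-3s denylist=%-3s encoded=%s\n",
        $label,
        has_markup(strip_literal($input))   ? 'tag' : 'ok',
        has_markup(strip_denylist($input))  ? 'tag' : 'ok',
        has_markup(encode_for_html($input)) ? 'tag' : 'ok');
}
```

Only the encoded column is independent of which tags were listed; where some fields must carry markup, encode the plain-text fields individually at output rather than filtering the whole page.
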