andz Posted May 22, 2009 Share Posted May 22, 2009 how do i use this preg_replace() to validate content. $content = 'testingmike123<script>alert("test")</script>'; how do validate that the system wont execute the <script></script> using preg_replace(); Thanks Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/ Share on other sites More sharing options...
Masna Posted May 22, 2009 Share Posted May 22, 2009 What is it that you're trying to do, exactly? Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839776 Share on other sites More sharing options...
MadTechie Posted May 22, 2009 Share Posted May 22, 2009 I assume you want to remove the script, try this (remove) $content = preg_replace('%<script.*?>.*?</script>%sim', '', $content ); keep the script but kill the tags $content = preg_replace('%<script.*?>(.*?)</script>%s', '\1', $content ); Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839778 Share on other sites More sharing options...
andz Posted May 22, 2009 Author Share Posted May 22, 2009 im trying to remove or block the execution of <script></script> as i want to display the results in plain text. expected results will be testingmike123alert("test") Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839780 Share on other sites More sharing options...
andz Posted May 22, 2009 Author Share Posted May 22, 2009 @MadTechie: Thanks for the solution mate. I used this solution of yours :: $content = preg_replace('%<script.*?>.*?</script>%sim', '', $content ); how about if i have multiple tags on the $content, example $content = 'mymessage<script>alert("test")</script><embed>source</embed>'; how do i add that to validation? Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839784 Share on other sites More sharing options...
MadTechie Posted May 22, 2009 Share Posted May 22, 2009 use htmlspecialchars ie $content = htmlspecialchars($content, ENT_QUOTES); or even try this $content = 'my <b>message</b><script>alert("test")</script> <embed>source</embed>'; $content = preg_replace('%<([^>]*)>(.*?)</\1>%sim', '\2', $content); $content = htmlspecialchars($content, ENT_QUOTES); echo $content; Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839788 Share on other sites More sharing options...
andz Posted May 22, 2009 Author Share Posted May 22, 2009 i'd like to but to the script that I'm working, applying htmlspecialchars() is not an options as some of the scripts will not function. i already tried applying it, although it worked but some pages suffered. i wanted to validate the <script></script> and <embed></embed> tags how do i put it into action considering this example below? $content = 'mymessage<script>alert("test")</script><embed>source</embed>'; thank you very much Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839790 Share on other sites More sharing options...
MadTechie Posted May 22, 2009 Share Posted May 22, 2009 ok this removes embed and script //simple $content = preg_replace('%<(script|embed)[^>]*>(.*?)</\1>%s', '\2', $content ); //try this $remove = array('script','embed'); $remove = implode("|", $remove); $content = preg_replace('%<('.$remove.')[^>]*>(.*?)</\1>%s', '\2', $content ); Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839792 Share on other sites More sharing options...
andz Posted May 22, 2009 Author Share Posted May 22, 2009 @madtechie: how do i implement this on str_replace() Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839951 Share on other sites More sharing options...
Axeia Posted May 22, 2009 Share Posted May 22, 2009 You don't, you need the power of a regular expression, not that of a simple string match. Otherwise <script >harmful code</script> won't be filtered out due to the space in there. Link to comment https://forums.phpfreaks.com/topic/159230-solved-how-to-use-preg_replace/#findComment-839968 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.