check comment for html

[dachshund]

hi, I just wanted to check if a comment a user posts contains HTML, and if it does, to not allow it to be posted.

 

this is my current php, any help would be very much appreciated! thanks.

 

 

<?php

		$comment=$_POST['comment'];
		$name=$_POST['name'];
		$email=$_POST['email'];
		$website=$_POST['website'];
		$date=date("y/m/d h:i:s");

		if($name && $email && $comment){

		$sql="INSERT INTO `comments` (`name`, `email`, `website`, `articleid`, `comment`, `datetime`) VALUES ('$name', '$email', '$website', '$id', '$comment', '$date')";
		$result=mysql_query($sql) or die(mysql_error());


		if($result){


		echo "Your comment was posted succesfully on the article \n";
		echo $rows['title'];
		echo '<p><a href="view_article.php?id=';
		echo $id;
		echo '">Click here to go back to the article.</a></p>';
		}else {
		echo "Sorry, your comment could not be posted. Please make sure you fill in all the fields marked with *.\n";

		}
		}else {
		echo "Sorry, your comment could not be posted. Please make sure you fill in all the fields marked with *.\n";
		}
		?>

 

[crabfinger]

How about this?

 

$comment = str_replace(array('&','<','>'),array('&','<','>'),$comment);

[Tazerenix]

why bother. Just when the person submits the posts use

 

htmlspecialchars()

to convert all the html entities to < and > and stuff. That way they can still post but you won't have dodgy html on your webpage

 

ps: dam u crab lol, stole meh answer)

[dachshund]

oh yeah i'll do that as well. it was more to stop spam comments though. i guess i just just put a more effective spam filter than just not allowing html though?

 

thanks for your help.

[Tazerenix]

you could sign up to reCaptcha or something and implement a captcha code into your code