vividona Posted February 12, 2010 Share Posted February 12, 2010 I used highlight_string() function to color my php codes but I got output like this: <?php echo "hi"; ?> I am using htmlspecialchars() + nl2br() how can I put [< , >, ""] without destroy my data Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/ Share on other sites More sharing options...
teamatomic Posted February 12, 2010 Share Posted February 12, 2010 Dont convert the html characters. HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011238 Share on other sites More sharing options...
vividona Posted February 12, 2010 Author Share Posted February 12, 2010 Dont convert the html characters. HTH Teamatomic Hi teamatomic but this may cause security issue later on Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011239 Share on other sites More sharing options...
teamatomic Posted February 12, 2010 Share Posted February 12, 2010 You can convert the data BEFORE it goes inside of tags. $user = htmlspecialchars("$_POST['user']); HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011250 Share on other sites More sharing options...
vividona Posted February 12, 2010 Author Share Posted February 12, 2010 You can convert the data BEFORE it goes inside of tags. $user = htmlspecialchars("$_POST['user']); HTH Teamatomic of course I did that Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011253 Share on other sites More sharing options...
vividona Posted February 12, 2010 Author Share Posted February 12, 2010 After I clean my data using htmlspecialchars I used this code to insert come html tags public function bb_php($string) { $string = str_replace ( '&', '&', $string ); $string = str_replace ( ''', '', $string ); $string = str_replace ( '"', '', $string ); $string = str_replace ( '<', '<', $string ); $string = str_replace ( '>', '>', $string ); $match = array('#\[php\](.*?)\[\/php\]#se'); $replace = array("'<div>'.highlight_string(stripslashes('$1'), true).'</div>'"); return preg_replace($match, $replace, $string); } is this will cause security issue in future??? [attachment deleted by admin] Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011261 Share on other sites More sharing options...
vividona Posted February 12, 2010 Author Share Posted February 12, 2010 any comment? Link to comment https://forums.phpfreaks.com/topic/191860-about-highlight_string/#findComment-1011462 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.