Jump to content


Photo

Function limiting html tags


  • Please log in to reply
2 replies to this topic

#1 Wintergreen

Wintergreen
  • Members
  • PipPipPip
  • Advanced Member
  • 107 posts

Posted 05 September 2006 - 03:03 PM

I saw something a few days ago searching around that was a function where you could specify which html tags are allowed, such as <img> or <br> but nothing else but I can't for the life of me find it anymore.  Am I making this up? 

Basically I'm trying to make it so people can't break my layout by coming in and posting </div></div></table> whatever.  But I don't want to disable html completely, I'd like <a> and <img> to work.  Also, if I allow them to use <a> and <img> how would I go about making sure that they're closed, so someone doesn't open an img tag like <img src="  and then post, screwing up the layout of the page. 

While we're on the subject of security type things, if I run my input through addslashes and mysql_real_escape_string before inserting into the DB, is it reasonably safe? 

#2 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 05 September 2006 - 03:08 PM

While we're on the subject of security type things, if I run my input through addslashes and mysql_real_escape_string before inserting into the DB, is it reasonably safe? 


It's perfetcly safe if you escape it using that function first.

#3 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 05 September 2006 - 03:18 PM

the function you're looking for is strip_tags(). read up on it in the manual, and you'll notice that you can pass allowed tags into it, and it will only strip out all the tags you do not want to allow.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users