Jump to content

Archived

This topic is now archived and is closed to further replies.

Wintergreen

Function limiting html tags

Recommended Posts

I saw something a few days ago searching around that was a function where you could specify which html tags are allowed, such as <img> or <br> but nothing else but I can't for the life of me find it anymore.  Am I making this up? 

Basically I'm trying to make it so people can't break my layout by coming in and posting </div></div></table> whatever.  But I don't want to disable html completely, I'd like <a> and <img> to work.  Also, if I allow them to use <a> and <img> how would I go about making sure that they're closed, so someone doesn't open an img tag like <img src="  and then post, screwing up the layout of the page. 

While we're on the subject of security type things, if I run my input through addslashes and mysql_real_escape_string before inserting into the DB, is it reasonably safe? 

Share this post


Link to post
Share on other sites
[quote author=Wintergreen link=topic=106962.msg428481#msg428481 date=1157468583]
While we're on the subject of security type things, if I run my input through addslashes and mysql_real_escape_string before inserting into the DB, is it reasonably safe? 
[/quote]

It's perfetcly safe if you escape it using that function first.

Share this post


Link to post
Share on other sites
the function you're looking for is strip_tags(). read up on it in the manual, and you'll notice that you can pass allowed tags into it, and it will only strip out all the tags you [b]do not[/b] want to allow.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.