RaythMistwalker Posted October 31, 2011 Share Posted October 31, 2011 Ok so I got BB Code working. Now I want to prevent Users from inserting HTML into Posts. I have the following: $PostText = mysql_escape_string($_POST['replytext']); $Replace = Array ('/(<)(.+)(>)/','/(<\/)(.+)(>)/'); $ReplaceWith = Array ('<\\2>','</\\2>'); $PostText = preg_replace($Replace, $ReplaceWith, $PostText); Now If I were to input <a href=http://phpfreaks.net>Php Freaks</a> Into a forum reply it would return: <a href=http://phpfreaks.net>Php Freaks When Checking the database it has: <a href=http://phpfreaks.net>Php Freaks</a> Any help on solving this? Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/ Share on other sites More sharing options...
MasterACE14 Posted October 31, 2011 Share Posted October 31, 2011 strip_tags() Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283834 Share on other sites More sharing options...
RaythMistwalker Posted October 31, 2011 Author Share Posted October 31, 2011 Does that work if I still want the tags to display on the page AS the user typed them? Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283837 Share on other sites More sharing options...
Pikachu2000 Posted October 31, 2011 Share Posted October 31, 2011 htmlentities() Keep in mind though, most browsers will render a url like http://www.domain.com as a clickable link even without the <a> tags. Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283838 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.