RaythMistwalker Posted October 31, 2011 Share Posted October 31, 2011 Ok so I got BB Code working. Now I want to prevent Users from inserting HTML into Posts. I have the following: $PostText = mysql_escape_string($_POST['replytext']); $Replace = Array ('/(<)(.+)(>)/','/(<\/)(.+)(>)/'); $ReplaceWith = Array ('<\\2>','</\\2>'); $PostText = preg_replace($Replace, $ReplaceWith, $PostText); Now If I were to input <a href=http://phpfreaks.net>Php Freaks</a> Into a forum reply it would return: <a href=http://phpfreaks.net>Php Freaks When Checking the database it has: <a href=http://phpfreaks.net>Php Freaks</a> Any help on solving this? Quote Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/ Share on other sites More sharing options...
MasterACE14 Posted October 31, 2011 Share Posted October 31, 2011 strip_tags() Quote Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283834 Share on other sites More sharing options...
RaythMistwalker Posted October 31, 2011 Author Share Posted October 31, 2011 Does that work if I still want the tags to display on the page AS the user typed them? Quote Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283837 Share on other sites More sharing options...
Pikachu2000 Posted October 31, 2011 Share Posted October 31, 2011 htmlentities() Keep in mind though, most browsers will render a url like http://www.domain.com as a clickable link even without the <a> tags. Quote Link to comment https://forums.phpfreaks.com/topic/250196-disabling-html-in-user-input/#findComment-1283838 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.