When I Insert Into Database How Can I Not Allow Tags? <Td> And

[Mancent]

I want to allow users to insert into database but i have to prevent them from inserting in tags, how can I do that?

 

I understand the post, and how to insert, but how do I check that no tags where wrote in?

 

This is a ok inseart

 

<td>this is not a ok insert</td>

or any other tag

[thara]

Clearly, what do you want to do here. How do you try to insert data into the database?

[Manixat]

php strip_tags()

 

NOTE: You can also allow them to insert tags, and use htmlspecialchars() when you're displaying the text, so that it doesn't mess up your html

 

Good luck!

Edited December 23, 2012 by Manixat

[Christian F.]

I recommend the use of htmlspecialchars () over strip_tags (), as the latter function have some caveats that might very well end up messing up/preventing your users from submitting legit content. Primarily this is because of something just looks like it might be a HTML tag, strip_tags () will remove it. So anything starting with a < is subject to removal, even if it's not properly closed.

Edited December 23, 2012 by Christian F.

[Mancent]

Thank you guys you are a big help!

 

In flash i can pass strings to strings, so if this.text.string ="SOMETHING";

i can call that sting anytime i want and place it any where.

for example

 

this.newtext.string =""; <--NOTHING

 

but if i need that to == what this.text.string is i would just do this.

 

this.text.string=this.newtext.string;

 

can I do that in html?

 

you see my whole site was made in flash, and most of it still is, but I am trying to make it again in html5 and php and html and javascript..

Edited December 23, 2012 by Mancent

[Manixat]

I guess you mean you want to compare 2 strings? Because in PHP == means is equal to, then yes you can do that, but in case you want to see if this.text.string is empty you can check it with the built in function empty()

 

In case I misunderstood and you wanna set this.text.string to this.newtext.string it is as simple as $string1=$string2

 

All of that is done in PHP, html cannot compile logic, only elements which are going to be displayed on the page ( well not only but basically )

Edited December 23, 2012 by Manixat

[Mancent]

That makes scene. its the same thing. I can just use the $_GET to get the string and then just set it again if needed.. in php

[Manixat]

Well $_GET is nothing but an associative array filled with variables from the url. Say you have your file index.php and you address it like this

 

index.php?variable=value&more_variables=more_values

 

Then you can do

 

print_r($_GET) to see what it contains, every value that has been set in this or the $_POST array can be modified

Edited December 23, 2012 by Manixat

[Christian F.]

It sounds like you might want to read up on variable scope in PHP, and how that relates to functions (and classes).

It should be noted that while the examples in the PHP manual use the global keyword, and the $_GLOBALS superglobal, you should use neither. Instead you should pass the variables as parameters to the functions, and use return to get the data back from a function.

 

Also, since you seem to be mixing PHP and HTML, it can be advantageous to think about PHP as the logic layer, and HTML as the presentation layer. HTML itself doesn't do any logic, as Manixat stated above, it only displays static content. PHP, on the other hand, is executed on the server and generates the HTML content that is sent to the client. Separate those (as well as JS and MySQL, if you use them) from each other and things will be a lot easier to handle.

Edited December 23, 2012 by Christian F.

[Mancent]

Hi can you guys help me with this again..

 

Im trying to do a simple hide and show. with as2 its objectsname._visible=true; or false;

html css

 

 

<style>

#this{

visibility:hidden;

visibility:visible;

}

</style>

 

What i am trying to do is, hide the upload button until the file is selected, once it is selected, then we see the upload button. Its something simple and it seems so hard!

 

<style>
#this{
visibility:hidden;
visibility:visible;
}
</style>


   <script type="text/javascript">
     function check_if_file_selected() 
{
       var file = document.getElementById("selectfile");
if(file.value =="")
{
alert( 'LETS GET THE IMAGE FILE');
}
else
{
alert('WE ALREADY HAVE A IMAGE FILE SELECTED');
}

     }
   </script>

   <form enctype="multipart/form-data" action="upload_background.php?UserId=5" method="POST">

      <input id ="selectfile" onclick="check_if_file_selected()" type="file" name="x" accept="image/*"/> 

     <button  id="uploadback" type="submit" >click</button>
   </form>

Edited December 24, 2012 by Mancent

[Manixat]

You don't need to check on click, simply use

 

<input id ="selectfile" onchange="show button function here" type="file" name="x" accept="image/*"/>