Best way to allow members to edit their own pages...

[Druid]

I have a community type website and I want to let members have their own webpage. What would be the best way to allow them to edit their own page and store it? I have a "easy web page editor" but I also want to allow more advanced users actually edit their own code. It will be just one page.

 

I was thinking of 2 ways so far, not sure if they are the stable or error free. Either fopen/fwrite...etc or store the entire page in a database. The problem with mysql storage is, if the user has tons of code...will it be able to hold it all, not even sure if lines will parse correctly? And if I go with fwrite, is there anything that may cause it to not work most of the time?

 

Any suggestions?

[pocobueno1388]

You could store it in a database and set the field to TEXT and it should be able to hold it all. Although that leaves you open to SQL injections when allowing users to input their own code into the database. I would suggest making it to where you specify what tags they are allowed to use, and if they use a different tag it replaces it with something else. I'm not an expert on security, so that is about all I can tell you.

[Druid]

thanks for the advice

 

how would i replace tags, as you suggested, though?

 

let's say the user uses </html> and i still wanna autoinsert an ad or extra code on the bottom of the page, how would i go about removing </html>

 

or another example, if they start using php <?php..etc i can just remove the tag or replace it? is there a replace("<?php", $string) function or similar?

[Snooble]

you shouldn't let them use php at all. You can write alot of dangerous script in php. Cookie stealers, one small very acheivable example. I suggest html entities. Have a look on google.

 

Snooble

[pocobueno1388]

<a href="http://us2.php.net/html_entites">html_entiteis</a>

 

I didn't suggest that because I thought you <i>wanted</i> to allow them to use HTML. If you wanted to replace certain tags of HTML here is the replace function you can use.

 

<a href="http://us2.php.net/preg_replace">preg_replace</a>

[papaface]

You could also use strip_tags() and set allowable tags. But obviously dont use this on its own, work it into some validation.

[Druid]

<a href="http://us2.php.net/html_entites">html_entiteis</a>

 

I didn't suggest that because I thought you <i>wanted</i> to allow them to use HTML. If you wanted to replace certain tags of HTML here is the replace function you can use.

 

<a href="http://us2.php.net/preg_replace">preg_replace</a>

 

Ya I did, sorry for the misunderstanding. Was just wondering how I would go about removing attemps to enter php and other tags that may cause trouble.

 

Thanks though, I'll check out entiteis.

[pocobueno1388]

As Papaface suggested: <a href="http://us2.php.net/strip_tags">strip_tags()</a>