virtuexru Posted April 16, 2007

OK. So I'm letting users update their profile with a BIO. I'm using a textarea for this with the following code:

<form action="" method="post">
<textarea name="biography" cols="40" rows="4"><?php echo $userinfo["biography"]; ?></textarea>
<br/>
<input name="submit" type="submit" id="update" value="Update!">
</form>

Now the thing I need help with is this.. In the MySQL database, I set the field to TEXT. Is that OK as far as security? I want them to modify HTML code to a certain extent. Only allowed to use <p/><b><font color=> etc, kinda like myspace, but nothing that can screw with the page too bad like JavaScript. How would I be able to filter this?

Wildbug Posted April 16, 2007

You can use htmlentities() to convert "raw" HTML to something safe. You can define your own HTML replacements, like using the square brackets on this site, and use preg_replace to change them to HTML. You can use nl2br() to make newlines into hard HTML breaks.

virtuexru Posted April 17, 2007

That sounds perfect - now how do I implement that exactly?

Guest prozente Posted April 17, 2007

http://us.php.net/manual/en/function.htmlentities.php
http://us.php.net/manual/en/function.nl2br.php
http://us.php.net/manual/en/function.preg-replace.php
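
One way to put the three functions Wildbug names together, as an added example that is not code from any poster in this thread. The function name `render_bio()`, the `[b]`, `[i]` and `[color=...]` tag set, and the sample biography are assumptions made for illustration.

```php
<?php
// Added example: escape first, then re-enable a small whitelist of
// square-bracket tags. render_bio() and the tag set are assumptions.

function render_bio(string $raw): string
{
    // 1. Neutralise every piece of raw HTML the user typed. After this
    //    step the text contains no live "<", ">", quotes or "&".
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Convert only complete, whitelisted tag pairs back into HTML.
    //    The color value is limited to a plain name or #rrggbb, so it
    //    cannot carry quotes, spaces or extra attributes.
    $pairs = [
        '/\[b\](.*?)\[\/b\]/s' => '<b>$1</b>',
        '/\[i\](.*?)\[\/i\]/s' => '<i>$1</i>',
        '/\[color=(#[0-9a-fA-F]{6}|[a-zA-Z]{1,20})\](.*?)\[\/color\]/s'
            => '<span style="color:$1">$2</span>',
    ];
    $safe = preg_replace(array_keys($pairs), array_values($pairs), $safe);

    // 3. Keep the line breaks the user typed in the textarea.
    return nl2br($safe);
}

// Constructed sample input: two allowed tags, a raw script tag, and a
// color tag that tries to smuggle in an attribute.
$bio = "Hi, I'm [b]Alex[/b]!\n"
     . "[color=#cc0000]Red text[/color]\n"
     . "<script>alert(1)</script> "
     . "[color=red\" onmouseover=\"x]nope[/color]";

// The script tag comes out as visible text, and the malformed color
// tag is left as literal text because it does not match the whitelist.
echo render_bio($bio), "\n";
```

Store the text exactly as submitted and call the rendering function only when displaying the profile. When the stored text is echoed back into the edit form's textarea, escape it there with htmlspecialchars().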