Ahh need help urgent!


virtuexru

OK. So I'm letting users update their profile with a BIO.

 

I'm using a textarea for this with the following code:

 

<form action="" method="post">
<textarea name="biography" cols="40" rows="4"><?php echo $userinfo["biography"]; ?></textarea>
<br/>
<input name="submit" type="submit" id="update" value="Update!">	
</form>

 

Now the thing I need help with is this... In the MySQL database, I set the field to TEXT. Is that OK as far as security? I want them to modify HTML code to a certain extent. Only allowed to use <p/><b><font color=> etc, kinda like MySpace, but nothing that can screw with the page too bad like JavaScript. How would I be able to filter this?


You can use htmlentities() to convert "raw" HTML to something safe. You can define your own HTML replacements, like using the square brackets on this site, and use preg_replace to change them to HTML. You can use nl2br() to make newlines into hard HTML breaks.
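
The approach from the reply above, as an added example that is not part of the original thread: escape everything with htmlentities(), turn a small allow-list of square-bracket tags back into HTML with preg_replace(), and apply nl2br() last. The function name render_bio(), the tag set and the sample biography are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). render_bio() and its tag set are
// hypothetical; adjust the allow-list to the formatting you want to permit.

function render_bio(string $raw): string
{
    // 1. Neutralise all user-supplied markup first. After this step the
    //    string contains no live "<", ">", or quote characters.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-introduce only the markup on the allow-list. Anything that does
    //    not match a rule stays escaped and is shown as literal text.
    $rules = [
        '/\[b\](.*?)\[\/b\]/is' => '<b>$1</b>',
        '/\[i\](.*?)\[\/i\]/is' => '<i>$1</i>',
        // Colour value is limited to a plain name or a hex code, so it can
        // never carry quotes, extra attributes, or other CSS.
        '/\[color=([a-z]{3,20}|#[0-9a-f]{3}|#[0-9a-f]{6})\](.*?)\[\/color\]/is'
            => '<span style="color:$1">$2</span>',
    ];
    // preg_replace() returns null on a regex engine error; fall back to the
    // fully escaped text rather than emitting nothing.
    $html = preg_replace(array_keys($rules), array_values($rules), $safe) ?? $safe;

    // 3. Convert newlines to <br /> last, so the inserted tags are not escaped.
    return nl2br($html);
}

// Constructed sample biography: two permitted tags, a script element, and a
// colour tag that tries to smuggle in an extra attribute.
$bio = "[b]Hi[/b], I like [color=#c00]red[/color].\n"
     . "<script>alert(1)</script>\n"
     . "[color=red\" onmouseover=\"x]no[/color]";

echo render_bio($bio), "\n";
```

Store the biography exactly as the user typed it and call render_bio() only when printing the profile page; the edit form should keep showing the raw text, escaped for the textarea.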
