virtuexru Posted April 16, 2007

OK. So I'm letting users update their profile with a BIO. I'm using a textarea for this with the following code:

<form action="" method="post">
<textarea name="biography" cols="40" rows="4"><?php echo $userinfo["biography"]; ?></textarea>
<br/>
<input name="submit" type="submit" id="update" value="Update!">
</form>

Now the thing I need help with is this: in the MySQL database, I set the field to TEXT. Is that OK as far as security? I want them to modify HTML code to a certain extent. Only allowed to use <p/><b><font color=> etc., kinda like MySpace, but nothing that can screw with the page too bad, like JavaScript. How would I be able to filter this?

Wildbug Posted April 16, 2007

You can use htmlentities() to convert "raw" HTML to something safe. You can define your own HTML replacements, like using the square brackets on this site, and use preg_replace to change them to HTML. You can use nl2br() to make newlines into hard HTML breaks.

virtuexru Posted April 17, 2007 (Author)

That sounds perfect - now how do I implement that exactly?

Guest prozente Posted April 17, 2007

http://us.php.net/manual/en/function.htmlentities.php
http://us.php.net/manual/en/function.nl2br.php
http://us.php.net/manual/en/function.preg-replace.php
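
One way to put the three functions Wildbug names together, as an added example that is not code from any poster in this thread: escape everything first, then turn a small whitelist of square-bracket tags back into HTML, then convert newlines. The bracket tag names, the colour list and the function names `render_biography()` and `textarea_value()` are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example; tag names, colour list and function names are assumptions.
function render_biography(string $raw): string
{
    // 1. Escape everything the user typed, so no raw HTML survives.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags without attributes: [b]..[/b], [i]..[/i], [u]..[/u].
    $safe = preg_replace('~\[(b|i|u)\](.*?)\[/\1\]~is', '<$1>$2</$1>', $safe) ?? $safe;

    // 3. [color=...] takes a listed colour name or #rrggbb; anything else
    //    stays as literal (already escaped) text.
    $safe = preg_replace_callback(
        '~\[color=([a-z]+|#[0-9a-f]{6})\](.*?)\[/color\]~is',
        function (array $m): string {
            $named = ['red', 'green', 'blue', 'black', 'gray', 'orange', 'purple'];
            $colour = strtolower($m[1]);
            if ($colour[0] !== '#' && !in_array($colour, $named, true)) {
                return $m[0];
            }
            return '<span style="color:' . $colour . '">' . $m[2] . '</span>';
        },
        $safe
    ) ?? $safe;

    // 4. Newlines become <br /> last, so the breaks are not escaped in step 1.
    return nl2br($safe);
}

// For the edit form: a stored "</textarea>" would otherwise close the field
// early when the biography is echoed back for editing.
function textarea_value(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input.
$bio = "[b]Hi[/b] <script>alert(1)</script>\n"
     . "[color=red]red[/color] [color=notacolour]kept as typed[/color]";

echo render_biography($bio), "\n";
echo '<textarea name="biography">', textarea_value($bio), '</textarea>', "\n";
```

Store the text as the user typed it and call `render_biography()` when displaying it, so the whitelist can be tightened later without rewriting stored rows.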