[SOLVED] strip_tags() not working. Any Ideas?

[spires]

HI

 

I'm using strip_tags() to strip <b><br /><i> out of my content.

However, Its not working.

 

Can anyone see any problems?

 

$desc2 = stripslashes(nl2br($row2['ptxt_body']));
$desc3 = htmlentities($desc2);

<textarea name="description" cols="40" rows="7" wrap="PHYSICAL" id="description">'.strip_tags($desc3, '<b><br /><i>').'</textarea>

 

heres the:

http://www.telegraphlondon.co.uk/text_upload2.php

 

As you can see, the text inside the 'textarea' still has <br />.

 

Can anyone see why?

 

 

Thanks for your advice. 

[MadTechie]

please post code in code tags

 

 

[spires]

Hi Thanks for taking a look for me.

 

Here is the full page code

<?php
session_start();

include('dbconnect.php');
$user = $_SESSION['usname'];
$pass = $_SESSION['pword'];

	$sql = "SELECT * FROM admin_users WHERE admin_usname='$user' && admin_pword='$pass'";
	$select_query = mysql_query($sql) or die ('error1');
	$count = mysql_num_rows($select_query);
	$row = mysql_fetch_array($select_query);
	$id = $row['admin_id'];

if (isset($_POST['submit'])) {
if ($_POST['title'] == '')
		$arrError['title'] = 'Please add your TITLE';
		$star_1 = '<img src="London-Clubs-GFX/london-clubbing-1.jpg"';
if ($_POST['description'] == '')
		$arrError['description'] = 'Please add your TEXT';
		$star_2 = '<img src="London-Clubs-GFX/london-clubbing-1.jpg"';

if (count(arrError==0)){

		$sql1="SELECT * FROM page_text WHERE ptxt_id='1'";
		$result1 = mysql_query($sql1) or die ('Could not connect');
		$count1 = mysql_num_rows($result1);
		$row1 = mysql_fetch_array($result1);

if ($count1==0) {

$title=addslashes($_POST['title']);
$description=addslashes($_POST['description']);
$page = $_POST['page'];
$date = date('Y.m.d');

$sql = "INSERT INTO page_text (ptxt_title, ptxt_body, ptxt_page, ptxt_date) VALUES ('$title', '$description', '$page', '$date')";
$query = mysql_query($sql) or die (mysql_error());


if ($query){
$inserted = '<span class="pro_guide_text">Your new information has been added<br></span>';
}else{
$insert_error = '<span class="pro_guide_text">Sorry, There has been an error</span>';
}
}

}else{
	if (empty($title) || empty($description)){
		$strError = '<div class="pro_guide_text">';
			foreach($arrError as $error) {
			$strError .= '$error';
			}
		$strError .= '</div>';
	}
}
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Admin Area</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>
<center>
<br>


<table bgcolor="#EEEEEE" class="TLRB_border" cellpadding="0" cellspacing="0" width="350">
<tr bgcolor="#CCCCCC">
<td class="box_title" align="center">
ENTER YOUR TITLE & PAGE CONTENT</td>
</tr>
<tr>
<td>
<?php
	$sql2 = "SELECT * FROM page_text WHERE ptxt_page='home' ORDER by ptxt_id DESC";
	$select_query2 = mysql_query($sql2) or die ('error1');
	$count2 = mysql_num_rows($select_query2);
	$row2 = mysql_fetch_array($select_query2);
	$title2 = stripslashes(nl2br($row2['ptxt_title']));
	$desc2 = stripslashes(nl2br($row2['ptxt_body']));

	$desc3 = htmlentities($desc2);

echo '
<form name="form1" method="post" action="'.$_SERVER['PHP_SELF'].'">
<table bgcolor="#FFFFFF"  cellpadding="0" cellspacing="0" width="500" align="center">
<tr>

	<td width="111" align="right">
	<br>
		 <span class="organge_text">Text Title:</span> </td>
	<td width="217" align="left"><br>
		<input type="text" name="title" size="25" value="'.$title2.'"/></td>
	<td align="left">'.$star1.'</td>
	</tr>
	<tr>
	<td align="right">
		 <span class="organge_text">Main Text:</span> </td>
	<td align="left">
		<textarea name="description" cols="40" rows="7" wrap="PHYSICAL" id="description">'.strip_tags($desc3, '<b><br /><i>').'</textarea></td>
	<td align="left">'.$star2.'</td>

	</tr>
	<tr>
	<td class="ten_organge" align="center" colspan="3"> 
	Select Desination: 
	<select name="page">
	<option value="home" selected>HOME</option>
	<option>* VENUE *</option>
	<option value="venue_history">> >Hitory</option>
	<option value="venue_fame">> >Wall Of Fame</option>
	<option value="venue_Fbar">> >Front Bar</option>
	<option value="venue_S_and_F">> >Studio & Facilities</option>
	<option value="SF_recording">> > > >Recording</option>
	<option value="SF_rehersall">> > > >Rehersall</option>
	<option value="SF_video">> > > >Video Editing</option>
	<option>* LISTINGS *</option>
	<option value="listings_past">> >Past Events</option>
	<option value="listings_this">This Months</option>
	<option value="listings_next">Next Months</option>
	<option value="listings_coming">Coming Events</option>
	<option value="food">FOOD</option>
	<option value="contact">CONTACT</option>
	</select>
	<br>
	</td>
	</tr>
	<tr>
	<td class="ten_organge" align="center" colspan="3"> 
	<input name="submit" value="submit" type="submit">
	<br><br>
	</td>
	</tr>
</table>	
</form>';
echo $desc2;
?>
<!-- <div align="right"><a href="admin_area.php" class="link">Admin Area</a></div> -->
</td>
</tr>
</table>


</center>

</body>
</html>

[AndyB]

If you look at the source view of the admin page, you'll notice that there aren't any 'tags' in the textarea text because htmlentities has converted < to < etc.

[MadTechie]

$desc2 = stripslashes(nl2br($row2['ptxt_body']));
$desc3 = htmlentities($desc2);

<textarea name="description" cols="40" rows="7" wrap="PHYSICAL" id="description">'.strip_tags($desc3, '<b><br /><i>').'</textarea>

 

 

 

OK the htmlentities will convert >  to > etc so it will always fail.. also the stripslashes will remove the / so <br /> will fail

 

 

Ahhh Andys on the scene.. no posts are safe

[spires]

OK, Thanks

 

You've been a great help.

 

I'll try and rework it.

 

[spires]

THANKS

 

It worked.

 

I did:

 

$desc2 = htmlentities(stripslashes($row2['ptxt_body']));
<textarea name="description" cols="40" rows="7" wrap="PHYSICAL" id="description">'.strip_tags($desc2, '<b><br /><i>').'</textarea>

 

Cheers