help making the syntax of strip_tags correct...



#1 aftab_jii


Posted 27 March 2006 - 04:41 PM

hi...
I need some serious help with strip_tags..
I have copied the following code from php.net

[quote]
<?php
//tags.php

//Allow these tags
$allowedTags = '<u><i><b><a><img><br><p><table><tr><td><ul><li><pre><hr><blockquote>';

//Disallow these attributes/prefix within a tag
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'.
'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';

//remove evil tags
function removeEvilTags($source)
{
    global $allowedTags;
    $source = strip_tags($source, $allowedTags);
    //The /e modifier was removed in PHP 7, so each tag body goes through a callback instead
    return preg_replace_callback('/<(.*?)>/i', function ($match) {
        return '<'.removeEvilAttributes($match[1]).'>';
    }, $source);
}

//remove evil attributes
function removeEvilAttributes($tagSource)
{
    global $stripAttrib;
    //stripslashes() was only there to undo the escaping that /e applied to the match
    return preg_replace("/$stripAttrib/i", 'forbidden', $tagSource);
}
?>
[/quote]

and now I want to apply the defined functions to the following echos:

[quote]
<input id="searchkeywords" type="text" name="keywords"
<?php
if (isset($_GET['keywords'])) {
echo ' value="' . htmlspecialchars($_GET['keywords']) . '" ';
}
?>[/quote]

and

[quote]
<p> Body:<br>
<textarea class="body" name="body" rows="10" cols="60"><?php
echo htmlspecialchars($body); ?></textarea>
</p>[/quote]

I have tried doing it the following way:

[quote]
require_once('tags.php');
.
.
.
<input id="searchkeywords" type="text" name="keywords"
<?php
if (isset($_GET['keywords'])) {
echo ' value="' . removeEvilTags(htmlspecialchars($_GET['keywords']),TRUE) . '" ';
}
?>[/quote]

and

[quote]
require_once('tags.php');
.
.
.
<p> Body:<br>
<textarea class="body" name="body" rows="10" cols="60"><?php
echo removeEvilTags($body, TRUE); ?></textarea>
</p>[/quote]

but it's not correct, since the search field and the textarea still accept the evilTags...

need help to solve the problem...
I hope I get some quick answers soon...


#2 aftab_jii


Posted 28 March 2006 - 05:36 PM

come on...
isn't there anyone who can help me with the problem!!!!
anyone at all!!!!
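
Added example, not part of the original posts: it shows why filtering after `htmlspecialchars()` has no effect, and how a value is usually escaped when it is echoed back into a form field. `filterTags` and `escapeForField` are hypothetical names, `filterTags` is a simplified stand-in for `removeEvilTags` from tags.php, and the input string is constructed.

```php
<?php
// Added example: simplified stand-in for removeEvilTags() from tags.php.
// strip_tags() with a short allow-list is enough to show the ordering issue.
function filterTags(string $source): string
{
    return strip_tags($source, '<u><i><b><p><br>');
}

// Escape a value for an HTML attribute or for the inside of a <textarea>.
// ENT_QUOTES also encodes both quote characters, which matters inside value="...".
function escapeForField(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input, standing in for $_GET['keywords'] or $body.
$input = 'cheap <b>flights</b> <script>alert(1)</script> "quoted"';

// 1. Order used for the search field in the post: escape first, then filter.
//    After escaping, every "<" is already "&lt;", so strip_tags() finds no tags
//    and returns its argument unchanged. The filter is a no-op here.
$escaped = escapeForField($input);
$filterWasNoOp = (filterTags($escaped) === $escaped);
echo 'filter after escaping changed nothing: ', var_export($filterWasNoOp, true), "\n";

// 2. Order used for the textarea in the post: filter only, no escaping.
//    Disallowed tags are removed (their inner text stays), but allowed tags and
//    raw quote characters are written into the page as markup.
echo 'filtered only: ', filterTags($input), "\n";

// 3. Echoing a value back into a form field: escaping alone is the control.
//    The field still "accepts" the tags as typed text, but the browser renders
//    them as characters in the field, not as markup.
echo '<input type="text" name="keywords" value="', escapeForField($input), '">', "\n";

// 4. When limited markup should survive (for example when the body is later
//    displayed as page HTML), filter the raw input, never the escaped form,
//    and still escape whenever the result goes back into a field.
$clean = filterTags($input);
echo '<textarea name="body">', escapeForField($clean), '</textarea>', "\n";
```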




