[SOLVED] HTML tags...

[Aureole]

Say if I wanted to allow people to use <strong> <em> <a href etc. when posting a comment on my story would PHP know that it's HTML and parse it or would I need to tell it somehow that there may be HTML coming in from the form before it stores it in the database? And when I query the database do I need to let it know it might be returning some raw HTML?

[wildteen88]

PHP does not know what HTML is and so wont parse it. It will treat as plain text (a string). HTML is parsed by the web browser.

[Aureole]

What do I need to do in order for it to parse the HTML?

 

As far as my knowledge goes would I use strip_tags() on the input from the form before sending to the DB then when querying the DB to show it would I use strip_slashes()?

 

I think it's something like that but I'm not exactly sure on how to do it.  :-\

[Daniel0]

You could filter some tags out (using black-/whitelists) or you could use BBcodes. BBcodes would probably be safer since you could then block all HTML tags and only parse the BBcodes which you have defined.

[Aureole]

Ok well I guess I'd be best searching Google.com for tutorials on BB Codes or the PHP Freaks Articles section, if I get stuck I'll post here again so I'll leave this unsolved for now. 

[MemphiS]

<?php

function BBCODE($code){
$code = str_replace("[b]","<b>",$code);
$code = str_replace("[/b]","</b>",$code);
return $code;
}

$text = "[b]My text[/b]";
echo "Output ".BBCODE($text)."\n";
?>

 

Should give you an idea...

[Aureole]

<?php
function bbcode_format ($str)
    {
$str = html_entities($str);

    $simple_search = array(
                           '/\[b\](.*?)\[\/b\]/is',                               
                           '/\[i\](.*?)\[\/i\]/is',                               
                           '/\[u\](.*?)\[\/u\]/is',
	           '/\[url\=(.*?)\](.*?)\[\/url\]/is'
                          );

    $simple_replace = array(
                            '<strong>$1</strong>',
                            '<em>$1</em>',
                            '<u>$1</u>',
		    '<a href="$1">$2</a>'
                           );

    $str = preg_replace ($simple_search, $simple_replace, $str);

return $str;
  }
?>

 

I have this at the top of my file but I'm guessing I need to add something when echoing the output from the database, but I can't work it out...

 

I already have...

 

<?php
	echo nl2br("{$row['comment']}");
?>

 

So I don't know how to add it to that...

[Daniel0]

Here is what you could do. It should work:

<?php
function parse_bbcode($t)
{
// line breaks
$t = nl2br($t);

// Basic formatting
$t = preg_replace("`\[b\](.*)\[/b\]`sUi","<b>\\1</b>",$t);
$t = preg_replace("`\[i\](.*)\[/i\]`sUi","<i>\\1</i>",$t);
$t = preg_replace("`\[u\](.*)\[/u\]`sUi","<u>\\1</u>",$t);

// URLs
$t = preg_replace("`\[url\]([\w]*[:\/\/]*[\w\.\?\/&=\:;, \-@%\?]+)\[/url\]`sUi","<a href='\\1'>\\1</a>",$t);
$t = preg_replace("`\[url\=([\w]*[:\/\/]*[\w\.\?\/&=\:;, \-@%\?]+)\](.*)\[/url\]`sUi","<a href='\\1'>\\2</a>",$t);

// Images
$t = preg_replace("`\[img\]([\w]*[:\/\/]*[\w\.\?\/&=\;, \-@%\?]+)\[/img\]`isU","<img src='\\1' alt='User posted image' />",$t);

return $t;
}

$text = <<<EOF
[b]bold[/b] [i]italic[/i] [u]underline[/u]

[url]http://google.com[/url] [url=http://google.com]Google[/url]

[img=http://www.google.com/intl/en_ALL/images/logo.gif]
EOF;

echo parse_bbcode($text);
?>

[Aureole]

Thanks a lot that worked perfectly.

[Daniel0]

Note: You still need to filter out the HTML. You can do it by running htmlentities() before the above function.

[Aureole]

How would I do that, sorry...  ???

[wildteen88]

If you're using Danil0's code then change this line:

echo parse_bbcode($text);

to this:

echo parse_bbcode(htmlentities($text));