how do i? (mabie n00b question)

[ccrevcypsys]

how do i disable the <style> tags and any html tags that are put into my database.

Because I dont want them to be able to change how the page looks (just like on myspace).

[kellz]

*doesnt understand the question* It can't do anything if it's in your database, thats SQL..

 

[DyslexicDog]

htmlspecialchars()

[Dragen]

output the code like this:

htmlentities($var);

Where $var is the data from the database

 

EDIT: or strip tags might work better:

strip_tags($var);

 

 

EDIT (again): Then again, if you're only wanting to remove the <style> tags and it's contents try this:

<?php
$var = preg_replace('#(\<style\>)([a-z0-9./:]+)(\<\/style\>)#i', '', $var);
?>

[trav]

Then again, if you're only wanting to remove the <style> tags and it's contents try this:

<?php
$var = preg_replace('#(\<style\>)([a-z0-9./:]+)(\<\/style\>)#i', '', $var);
?>

 

if you don't want people changing the style definitely strip the tags before they are inputted into your db.  this makes it much easier to deal with displaying later.

 

now if you have certain people  (ie admins, or moderators) that you will allow, you might want to use a different approach.

[ccrevcypsys]

Then again, if you're only wanting to remove the <style> tags and it's contents try this:

<?php
$var = preg_replace('#(\<style\>)([a-z0-9./:]+)(\<\/style\>)#i', '', $var);
?>

 

if you don't want people changing the style definitely strip the tags before they are inputted into your db.  this makes it much easier to deal with displaying later.

 

now if you have certain people  (ie admins, or moderators) that you will allow, you might want to use a different approach.

what would u recommend because there are going to be the admin and other people that will be able to do this i just don't want other people doing it

[atlanta]

I say do the method he gave you just put it into an if command .

 

for instance

 

if($user = "admin")

{

dont filter;

}

else

{

filter using the preg_replace

}