
Simple and safe way to let users post example code in a blog comment system?


theTree


The title says it all...

 

I don't really want to use BBcode as it's rather big - I just need a simple way to let users post example code in response to an article, perhaps using BBcode-style code tags. Doesn't really need to be colored or anything, I want to keep it simple. Can I use it in conjunction with strip_tags() to keep it safe?

 

Many thanks,


My personal solution was not to use BB tags but to allow users to use < pre > < /pre > tags to save formatting (as this forum apparently does!)

 

 

You want to do two things when having the public enter data into your DB that is displayed on your web page:

 

1) make sure the data being entered will not break your SQL statement and is the proper type of data going into your database

//make a function to strip slashes and validate data
//my own function checks if magic_quotes are being used and uses stripslashes/mysql_real_escape_string depending on magic_quotes

 

2) make sure the data from the DB being displayed on your web page is not going to be code that is read/used! (example being HTML, JS or PHP that a user might maliciously use).

/*make sure to look up htmlentities, htmlspecialchars, nl2br, urlencode to see what fits! strip_tags is good also as it allows you to keep <pre> tags
if you allow users to use them */

http://us2.php.net/manual/en/function.htmlentities.php  <-- has links to many of the above functions

http://us2.php.net/manual/en/function.strip-tags.php

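The two steps from the answer above, as an added example that is not part of the original posts: the comment is stored through a PDO prepared statement and escaped with htmlspecialchars() on output, with BBcode-style [code] tags mapped to <pre><code>. The function names and the comments table are assumptions; the example escapes everything instead of relying on strip_tags(), which leaves attributes on allowed tags untouched.

```php
<?php
// Added example: helper, table and column names are hypothetical.

// Step 1: store the raw text. The bound parameter keeps it out of the SQL
// grammar, so no slash handling or manual escaping is involved.
function save_comment(PDO $db, int $articleId, string $raw): void
{
    $stmt = $db->prepare('INSERT INTO comments (article_id, body) VALUES (?, ?)');
    $stmt->execute([$articleId, $raw]);
}

// Step 2: escape on output, then turn [code]...[/code] into <pre><code>.
function render_comment(string $raw): string
{
    // Escape everything first, so no user-supplied tag or attribute survives.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // With DELIM_CAPTURE the code bodies land at the odd indexes.
    $parts = preg_split('~\[code\](.*?)\[/code\]~is', $safe, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return nl2br($safe, false); // regex failure: fall back to plain text
    }

    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Code body: <pre> preserves whitespace, so no nl2br here.
            $html .= '<pre><code>' . trim($part, "\r\n") . '</code></pre>';
        } else {
            $html .= nl2br($part, false); // ordinary text keeps line breaks
        }
    }
    return $html;
}

// Constructed sample comment: a code block plus markup that must stay inert.
$sample = "Try this:\n[code]if (\$a < \$b) {\n    echo '<b>ok</b>';\n}[/code]\n"
        . "<script>alert(1)</script>";
echo render_comment($sample), "\n";
```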
