simple and safe way to let users post example code in a blog comment system?


theTree

The title says it all...

 

I don't really want to use BBcode as it's rather big - I just need a simple way to let users post example code in response to an article, perhaps using BBcode style code tags. Doesn't really need to be colored or anything, I want to keep it simple. Can I use it in conjunction with strip_tags() to keep it safe?

 

Many thanks,

My personal solution was not to use BB tags but to allow users to use < pre > < /pre > tags to save formatting (as this forum apparently does!)

 

 

You want to do two things when having the public enter data into your DB that is displayed on your web page:

 

1) make sure the data being entered will not break your SQL statement and is the proper type of data going into your database

//make a function to strip slashes and validate data
//my own function checks if magic_quotes are being used and uses stripslashes/mysql_real_escape_string depending on magic_quotes

 

2) make sure the data from the DB being displayed on your web page is not going to be code that is read/used! (example being HTML, JS or PHP that a user might maliciously use).

/*make sure to look up htmlentities, htmlspecialchars, nl2br, urlencode to see what fits! strip_tags is good also as it allows you to keep <pre> tags
if you allow users to use them */

http://us2.php.net/manual/en/function.htmlentities.php  <-- has links to many of the above functions

http://us2.php.net/manual/en/function.strip-tags.php
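
An added example, not part of either post: one way to get the BBcode-style code tags asked about above while keeping output safe, by escaping the whole comment with htmlspecialchars() first and only then turning literal [code]...[/code] markers into `<pre><code>`. The function name `render_comment` and the `[code]` marker are assumptions for illustration; this approach is used here instead of strip_tags() with an allowed `<pre>`, because strip_tags() leaves attributes on allowed tags in place.

```php
<?php
// Added example: render_comment() and the [code] marker are hypothetical
// names chosen for illustration, not taken from the thread.

/**
 * Render a stored comment for HTML output.
 * Everything is escaped first; only the literal [code]...[/code] markers
 * are then turned into <pre><code>, so no user-supplied tag or attribute
 * ever reaches the page.
 */
function render_comment(string $raw): string
{
    // 1. Escape the whole comment. ENT_QUOTES covers both quote styles;
    //    ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Split on [code] blocks. The markers contain no characters that
    //    htmlspecialchars() changes, so they survive step 1 intact.
    $parts = preg_split('~\[code\](.*?)\[/code\]~is', $safe, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // Regex engine error: fall back to fully escaped text, no code blocks.
        return nl2br($safe);
    }

    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Odd indexes are the captured code bodies: keep whitespace as typed.
            $html .= '<pre><code>' . trim($part, "\r\n") . '</code></pre>';
        } else {
            // Even indexes are ordinary text: keep the author's line breaks.
            $html .= nl2br($part);
        }
    }
    return $html;
}

// Constructed sample comment, including markup that must not be rendered.
$comment = "Try this:\n[code]<?php echo \"<b>hi</b>\"; ?>[/code]\n"
         . "<script>alert(1)</script> <pre onmouseover=\"x()\">hover</pre>";

echo render_comment($comment), "\n";
```

The comment is stored as typed and escaped only when it is rendered, so the same stored text can later be shown in another context (plain-text e-mail, RSS) with the escaping that context needs.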
