rofl90 Posted March 9, 2008
Once inside my CMS I decided I didn't need to validate, but now I've just realised I'm going to be using HTML. Is it ok for me to use HTML/JavaScript as inputs, e.g. into a database to be retrieved for a page?
pocobueno1388 Posted March 9, 2008
You should look into this HTML Purifier class: http://htmlpurifier.org/
rofl90 (Author) Posted March 9, 2008
I just downloaded it, it's huge! I just want a few functions, or a page for a class to include, but 100 pages, please... ???
pocobueno1388 Posted March 9, 2008
Download the "light" version, it cuts it down a lot. I use it and I've never noticed a performance issue.
rofl90 (Author) Posted March 9, 2008
Ok, and I just do:

<?php
require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';

$dirty_html = $_POST['content'];
$purifier   = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);
// I insert $clean_html into my db?
?>
pocobueno1388 Posted March 9, 2008
Yep, that's exactly how you use it. Although I would use mysql_real_escape_string() with it too. You have to make sure you escape the data AFTER the purifying though. Like this:

$clean_html = mysql_real_escape_string($purifier->purify($dirty_html));
rofl90 (Author) Posted March 9, 2008
okie dokie then
rofl90 (Author) Posted March 9, 2008
Is this ok then:

if (isset($_POST['add'])) {
    require_once '../htmlcleaner/library/HTMLPurifier.auto.php';
    $purifier = new HTMLPurifier();

    // Read the submitted values first, then purify them
    // (the raw values must be assigned before they are passed to purify())
    $footer1      = $_POST['footer'];
    $sitetitle2   = $_POST['sitetitle'];
    $keywords3    = $_POST['keywords'];
    $description4 = $_POST['description'];
    $timeout5     = $_POST['timeout'];
    $maintenance6 = $_POST['maintenance'];
    $siteslogan7  = $_POST['siteslogan'];

    $footer      = $purifier->purify($footer1);
    $sitetitle   = $purifier->purify($sitetitle2);
    $keywords    = $purifier->purify($keywords3);
    $description = $purifier->purify($description4);
    $timeout     = $purifier->purify($timeout5);
    $maintenance = $purifier->purify($maintenance6);
    $siteslogan  = $purifier->purify($siteslogan7);

    $query = "UPDATE settings SET footer='$footer', sitetitle='$sitetitle', keywords='$keywords', description='$description', timeout='$timeout', maintenance='$maintenance', siteslogan='$siteslogan'";
    mysql_query($query) or die(mysql_error());

    echo "Updated settings! Click <a href='settings.php'>here</a> to go back.";
}
pocobueno1388 Posted March 9, 2008
Don't forget the mysql_real_escape_string(). Other than that, it looks fine.
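The same settings update written the way a practitioner would do it today, as an added example that is not from the thread: HTML Purifier is given an explicit element whitelist, only the fields that are actually rendered as HTML go through it, the numeric field is validated instead of purified, and a prepared statement replaces mysql_real_escape_string(), so the "escape after purify" ordering can no longer be got wrong. It assumes an existing PDO connection in $pdo (with ERRMODE_EXCEPTION enabled) and the same HTMLPurifier.auto.php path as the post above.

```php
<?php
// Added example, not from the thread. Assumes $pdo is an open PDO connection
// and HTML Purifier lives at the path below.
require_once '../htmlcleaner/library/HTMLPurifier.auto.php';

// Whitelist the markup a settings field may contain. Anything outside this list
// (script, inline event handlers, javascript: URLs, ...) is stripped by the purifier.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'p,br,b,i,strong,em,a[href],ul,ol,li');
$config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
$purifier = new HTMLPurifier($config);

if (isset($_POST['add'])) {
    // Fields that are rendered as HTML on the site: read the raw value, then purify it.
    $footer     = $purifier->purify($_POST['footer'] ?? '');
    $siteslogan = $purifier->purify($_POST['siteslogan'] ?? '');

    // Fields that are never rendered as HTML: plain text only, so drop tags entirely.
    $sitetitle   = trim(strip_tags($_POST['sitetitle'] ?? ''));
    $keywords    = trim(strip_tags($_POST['keywords'] ?? ''));
    $description = trim(strip_tags($_POST['description'] ?? ''));

    // Numeric/boolean fields are validated, not purified: a timeout is an integer.
    $timeout = filter_var($_POST['timeout'] ?? '', FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 0]]);
    if ($timeout === false) {
        die('timeout must be a non-negative integer');
    }
    $maintenance = isset($_POST['maintenance']) ? 1 : 0;

    // Prepared statement: the values are sent separately from the SQL text, so no
    // manual escaping step exists that could be applied before (or instead of) purifying.
    $stmt = $pdo->prepare(
        'UPDATE settings SET footer = :footer, sitetitle = :sitetitle, keywords = :keywords,
                             description = :description, timeout = :timeout,
                             maintenance = :maintenance, siteslogan = :siteslogan'
    );
    $stmt->execute([
        ':footer'      => $footer,
        ':sitetitle'   => $sitetitle,
        ':keywords'    => $keywords,
        ':description' => $description,
        ':timeout'     => $timeout,
        ':maintenance' => $maintenance,
        ':siteslogan'  => $siteslogan,
    ]);

    echo "Updated settings! Click <a href='settings.php'>here</a> to go back.";
}
```

The purified footer and slogan can be echoed into the page as-is; the plain-text fields should still be passed through htmlspecialchars() when they are output.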