stopping html in posts?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

stopping html in posts?

Post by irealms »

I have a guestbook on my site http://www.irealms.co.uk , as it's just a form thats called into the page people can post html and script. Whats the best way to disable posting of links or script tags in a post?
leperkuhn
Forum Newbie
Posts: 1
Joined: Thu Aug 14, 2003 12:20 pm

Post by leperkuhn »

PHP's function strip_tags will let you remove all html. it also allows you to keep certain tags, such as bold or italic or whatever.

http://us4.php.net/manual/en/function.strip-tags.php
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

You can use htmlentities() function to disable html entries before displaying back your text on the screen...

eg:

Code: Select all

<?
txt=htmlentities(txt);
echo txt;
?>

Mark
User avatar
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

thanks

Post by irealms »

Thanks for the help :)

will this disable the <script> tag too?
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

htmlentities is everything.

the ways to do it are htmlspecialchars or htmlentities if you want to use a built in one. if you wnat to control what they use you'll have to parse
Post Reply