Page 1 of 1

stopping html in posts?

Posted: Thu Aug 14, 2003 12:14 pm
by irealms
I have a guestbook on my site http://www.irealms.co.uk , as it's just a form thats called into the page people can post html and script. Whats the best way to disable posting of links or script tags in a post?

Posted: Thu Aug 14, 2003 12:20 pm
by leperkuhn
PHP's function strip_tags will let you remove all html. it also allows you to keep certain tags, such as bold or italic or whatever.

http://us4.php.net/manual/en/function.strip-tags.php

Posted: Thu Aug 14, 2003 12:27 pm
by JayBird
You can use htmlentities() function to disable html entries before displaying back your text on the screen...

eg:

Code: Select all

<?
txt=htmlentities(txt);
echo txt;
?>

Mark

thanks

Posted: Thu Aug 14, 2003 12:54 pm
by irealms
Thanks for the help :)

will this disable the <script> tag too?

Posted: Thu Aug 14, 2003 3:04 pm
by m3rajk
htmlentities is everything.

the ways to do it are htmlspecialchars or htmlentities if you want to use a built in one. if you wnat to control what they use you'll have to parse