Page 1 of 1
stopping html in posts?
Posted: Thu Aug 14, 2003 12:14 pm
by irealms
I have a guestbook on my site
http://www.irealms.co.uk , as it's just a form thats called into the page people can post html and script. Whats the best way to disable posting of links or script tags in a post?
Posted: Thu Aug 14, 2003 12:20 pm
by leperkuhn
PHP's function strip_tags will let you remove all html. it also allows you to keep certain tags, such as bold or italic or whatever.
http://us4.php.net/manual/en/function.strip-tags.php
Posted: Thu Aug 14, 2003 12:27 pm
by JayBird
You can use htmlentities() function to disable html entries before displaying back your text on the screen...
eg:
Code: Select all
<?
txt=htmlentities(txt);
echo txt;
?>
Mark
thanks
Posted: Thu Aug 14, 2003 12:54 pm
by irealms
Thanks for the help
will this disable the <script> tag too?
Posted: Thu Aug 14, 2003 3:04 pm
by m3rajk
htmlentities is everything.
the ways to do it are htmlspecialchars or htmlentities if you want to use a built in one. if you wnat to control what they use you'll have to parse