I'm working with a form where the user can enter a brief summary, and I want to prevent any misuse of quotes or HTML.
When I try to submit the following entry to the DB, the quotation marks and anything after it gets removed.
I'm already using stripslashes, but that's it right now.
How can I prevent quotation marks from causing any issues as well as html tags or even worse javascript?
Thanks,
-- Abe --
Detecting quotes and html tags
// Replace the angle brackets with their HTML entities so any tag the user
// typed is displayed as literal text instead of being parsed by the browser.
$message = str_replace('<', '&lt;', $message);
$message = str_replace('>', '&gt;', $message);
Thanks a bunch!
Before I got any replies, I managed to find strip_tags() and this seemed to be the best one for the job for removing the html. It's also taking care of any issues with the quotes.
Is anyone familiar with strip_tags() and know if there is any other precaution I should take?
Again, thanks for all your help everyone!
-- Abe --
strip_tags() will remove all tags. If you want to show the tags but not allow them to do any damage you need to use htmlentities()
hawleyjr wrote:strip_tags() will remove all tags. If you want to show the tags but not allow them to do any damage you need to use htmlentities()
Ah ok. Thanks for the heads up.
I don't want users to input any html codes, but in any future projects, I will definitely heed your advice!
Mahalo!
-- Abe --
BigAbe wrote:
hawleyjr wrote:strip_tags() will remove all tags. If you want to show the tags but not allow them to do any damage you need to use htmlentities()
Ah ok. Thanks for the heads up.
I don't want users to input any html codes, but in any future projects, I will definitely heed your advice!
Mahalo!
-- Abe --
There is one advantage to htmlentities though - you actually see what has been posted.
aerodromoi
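The following is an added example, not code posted by anyone in this thread, showing the two approaches side by side on one constructed input: strip_tags() as Abe chose it, and htmlspecialchars() with ENT_QUOTES as hawleyjr and aerodromoi suggest. It also shows the usual fix for the original symptom (quotes truncating the DB write): pass the value as a prepared-statement parameter instead of splicing it into the SQL string, so neither stripslashes() nor addslashes() is needed and the raw text survives intact. The PDO/SQLite connection, the `summaries` table and the function names are assumptions made for the illustration.

```php
<?php
// Added example (not from the thread). Assumed names: $pdo, table `summaries`,
// escape_html(), store_summary(), render_summary().

// Constructed sample input: both quote styles, a formatting tag and a script tag.
$summary = "Abe's \"summary\" <b>bold</b> <script>alert('xss')</script>";

// Option 1 (what Abe chose): strip_tags() removes the tags but keeps their
// text content and leaves both kinds of quote untouched. It changes what the
// user wrote and is not an output escaper, so it does not by itself make a
// value safe to echo inside an HTML attribute or a script block.
$stripped = strip_tags($summary);

// Option 2 (hawleyjr/aerodromoi): encode the characters that mean something to
// the HTML parser. ENT_QUOTES covers both ' and ", so the value is also safe
// inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string. The reader sees exactly what was posted.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Storing: quotes only break the INSERT when the value is concatenated into
// the SQL text. A bound parameter is sent separately from the statement, so
// the database never sees the user's quote as a delimiter. Store the raw text;
// escaping is an output concern, and the same value may be output in several
// contexts later.
function store_summary(PDO $pdo, string $summary): void
{
    $stmt = $pdo->prepare('INSERT INTO summaries (body) VALUES (:body)');
    $stmt->execute([':body' => $summary]);
}

// Rendering: escape at the point where the stored value is placed into HTML,
// every time it is placed there.
function render_summary(string $stored): string
{
    return '<p>' . escape_html($stored) . '</p>';
}

// Self-contained run against an in-memory SQLite database (assumed setup).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE summaries (id INTEGER PRIMARY KEY, body TEXT)');

store_summary($pdo, $summary);
$stored = $pdo->query('SELECT body FROM summaries')->fetchColumn();

echo "strip_tags():      ", $stripped, "\n";
echo "stored raw:        ", $stored, "\n";
echo "rendered (escaped): ", render_summary($stored), "\n";
```

Run it and compare the three lines: the strip_tags() version has lost the `<b>` and `<script>` markup but still contains the quotes and the `alert('xss')` text, while the rendered version contains the whole original, with `<`, `>`, `"` and `'` turned into entities so the browser shows them rather than interpreting them. If the project really must not accept tags at all, strip_tags() on input and htmlspecialchars() on output are not mutually exclusive; the output escaping is the step that actually prevents script execution.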