Basically, I've got a form where my users can type in information that's going to be echo'd out on a page.
The problem is, I only want <br>, <p>, and <a href to be allowed and not any other html.
How would I accomplish this?
Allow only <br>, <p>, and <a href in form ent
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
strip_tags() .. but you will need to filter the results further.
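One way to do the further filtering this reply mentions, as an added example that is not part of the original post: strip_tags() keeps every attribute on the tags it allows, so the code below re-parses its output with DOMDocument, removes all attributes and restores href only for http/https URLs. The function name sanitize_comment, the http/https-only link rule and the sample input are assumptions.

```php
<?php
// Added example: allow only <br>, <p> and <a href> in user-supplied HTML.
// sanitize_comment() is a hypothetical name; the http/https-only link rule is an assumption.
function sanitize_comment(string $input): string
{
    // Step 1: strip_tags() removes every other element, but it keeps ALL
    // attributes on the allowed ones (event handlers, style, any href scheme).
    $html = strip_tags($input, '<br><p><a>');

    // Step 2: parse the remainder. The XML declaration makes libxml read UTF-8;
    // the wrapper <div> is safe to look up because strip_tags() removed any user <div>.
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // user HTML is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8"><html><body><div>' . $html . '</div></body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $wrapper = $doc->getElementsByTagName('div')->item(0);
    if ($wrapper === null) {
        return '';
    }

    // Step 3: drop every attribute, then put back href only for http(s) links.
    foreach (iterator_to_array($wrapper->getElementsByTagName('*')) as $el) {
        $href = $el->nodeName === 'a' ? trim($el->getAttribute('href')) : '';
        while ($el->attributes->length > 0) {
            $el->removeAttributeNode($el->attributes->item(0));
        }
        if (preg_match('#^https?://#i', $href) === 1) {
            $el->setAttribute('href', $href);
        }
    }

    // Step 4: serialize the wrapper's children; text nodes are escaped on output.
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, not taken from the thread.
$sample = '<p onclick="x()">Hi <b>there</b></p>'
        . '<a href="javascript:void(0)" style="color:red">one</a><br>'
        . '<a href="https://example.com/">two</a>';
echo sanitize_comment($sample), PHP_EOL;
```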
- ronverdonk
- Forum Commoner
- Posts: 34
- Joined: Sat Jun 10, 2006 7:06 am
- Location: Netherlands
When you let users type data that you are echoing back, you'd better make sure that you validate everything! Have a look at the "Input filter" class at http://www.phpclasses.org/browse/package/2189.html.
The nice thing is that this class also lets you define in the parameters what tags NOT to clean! Have a look. This class can filter input of stray or malicious PHP, JavaScript or HTML tags to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.