Is the following code a secure way of converting HTML to BBCode and cleaning user data so that it is ready to be inserted into the database? I would also use the same variables, if needed, in queries.
The second function is for data read back out of the database: it converts the BBCode back to HTML, and the result is passed through stripslashes and echoed to the screen.
/**
 * Convert the allowed HTML tags to BBCode, strip all other markup, and
 * SQL-escape the result.
 *
 * Security notes for reviewers:
 * - str_replace() is case-sensitive and matches the exact strings only, so
 *   "<B>" or "<b class='x'>" are not converted; strip_tags() removes them.
 * - mysql_real_escape_string() belongs to ext/mysql, which was deprecated in
 *   PHP 5.5 and removed in PHP 7.0. It also needs an open connection.
 * - The escaping is only valid for a value placed inside a quoted string
 *   literal in the query. Prepared statements (PDO or mysqli) with bound
 *   parameters remove the need for it.
 * - The returned string is escaped for SQL, not for HTML. Using the same
 *   variable for display is what forces a stripslashes() call later.
 *
 * @param string $value Raw user input.
 * @return string BBCode text, trimmed and escaped for a MySQL string literal.
 */
function ValidateInput($value) {
    // Whitelisted tags and their BBCode equivalents, index-aligned.
    $htmlTags = array("<b>", "</b>", "<u>", "</u>");
    $bbTags = array("[b]", "[/b]", "[u]", "[/u]");

    // Convert the whitelist first so strip_tags() only sees unwanted markup.
    $converted = str_replace($htmlTags, $bbTags, $value);
    $plain = trim(strip_tags($converted));

    // Escaping for the SQL context is the last step.
    return mysql_real_escape_string($plain);
}
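/**
 * Render stored BBCode text as HTML for display.
 *
 * The value is HTML-escaped first, and only then are the four whitelisted
 * BBCode tags turned back into markup. Output safety therefore does not
 * depend on every database row having been filtered when it was written.
 * Rows from another code path, an import or an older filter are neutralised
 * here as well.
 *
 * The BBCode tags are not checked for balance, so an unclosed [b] produces
 * an unclosed <b>.
 *
 * @param string $value Text containing [b]/[u] BBCode, e.g. read from the database.
 * @return string HTML in which only <b>, </b>, <u> and </u> are live markup.
 */
function ValidateOutput($value) {
    $BBCode = array(
        "[b]" => "<b>",
        "[/b]" => "</b>",
        "[u]" => "<u>",
        "[/u]" => "</u>",
    );

    // Escape for the HTML context at output time. The BBCode markers contain
    // no HTML special characters, so they pass through this step unchanged.
    $value = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Only now reintroduce the whitelisted tags.
    $value = str_replace(array_keys($BBCode), array_values($BBCode), $value);
    return $value;
}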
// Clean the submitted value: whitelisted tags become BBCode, the rest is
// stripped, and the result is SQL-escaped.
$data = ValidateInput('<b><u>some data here</u></b>');
// Insert into database here
// Echo out of the database converting bbcode back to html
// NOTE(review): in this demo $data never makes the round trip through the
// database, so it still carries the backslashes added for SQL. That is the
// only reason stripslashes() is needed below. A value actually read back
// from MySQL is already unescaped, and stripslashes() would then remove
// backslashes the user typed.
$FinalOutput = ValidateOutput($data);
$FinalOutput = stripslashes($FinalOutput);
echo "$FinalOutput";
Thanks