
Posted: Tue Sep 12, 2006 11:34 pm
by bob_the _builder
Hi,

Does that mean doing something like:

Code:

function ValidateInput($value) {

    $BBCode = array(
        "<b>" => "[b]",
        "</b>" => "[/b]",
        "<u>" => "[u]",
        "</u>" => "[/u]",
    );

    $value = htmlentities($value);
    $value = str_replace(array_keys($BBCode), array_values($BBCode), $value);
    $value = mysql_real_escape_string(trim(strip_tags($value)));
    return $value;
}


adding:

$value = htmlentities($value);

Prior to using string replace on $value?


Thanks

Posted: Tue Sep 12, 2006 11:37 pm
by feyd
Similar, yes. You'll also need to run your needles through it (or preprocess them).

Posted: Wed Sep 13, 2006 12:19 am
by bob_the _builder
Hi,

Needles?

Does htmlentities() have to be reversed when calling from the database?

Thanks

Posted: Wed Sep 13, 2006 12:41 am
by RobertGonzalez
Like the strpos() function, you are looking for a $needle within $haystack.
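
An added example (not code from any poster in this thread) of the point about needles: once the value has gone through htmlentities(), the search strings must be encoded the same way, or str_replace() finds nothing to replace. The helper names encode_needles() and to_bbcode() and the sample input are made up for illustration.

```php
<?php
// Added illustration: hypothetical helper names, constructed sample input.

// The HTML-to-BBCode map from the function posted above.
$bbcode = array(
    '<b>'  => '[b]',
    '</b>' => '[/b]',
    '<u>'  => '[u]',
    '</u>' => '[/u]',
);

// Encode each needle exactly as the haystack is encoded, so that "<b>"
// is searched for in its entity form after htmlentities() has run.
function encode_needles(array $map)
{
    $encoded = array();
    foreach ($map as $html => $tag) {
        $encoded[htmlentities($html, ENT_QUOTES, 'UTF-8')] = $tag;
    }
    return $encoded;
}

// Encode the whole value first, then swap only the listed tags for BBCode.
// Any markup that is not in the map stays entity-encoded.
function to_bbcode($value, array $map)
{
    $value = htmlentities(trim($value), ENT_QUOTES, 'UTF-8');
    return str_replace(array_keys($map), array_values($map), $value);
}

// Constructed sample: one listed tag pair and one tag that is not listed.
$input = '<b>bold</b> <script>alert(1)</script>';

// Raw needles: the haystack no longer contains a literal "<b>".
echo to_bbcode($input, $bbcode), "\n";

// Encoded needles: the listed tags are found and replaced.
echo to_bbcode($input, encode_needles($bbcode)), "\n";
```

With the raw needles nothing is replaced and the whole string stays entity-encoded; with the encoded needles only the listed tags become BBCode and the unlisted tag remains encoded.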

Posted: Wed Sep 13, 2006 12:52 am
by bob_the _builder
Hi,

Yep, just found that. What exactly am I looking for (matching) in the URL?


Thanks