function to remove tags

m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

function to remove tags

Post by m2babaey »

pickle | Please use the code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.


Hi
I'm not sure whether to post this here or in php security.
What do you think if I define a function like this:
[syntax="php-brief"]function m($variable){
    // escape quotes and backslashes with backslashes
    $variable=addslashes($variable);
    // remove HTML and PHP tags
    $variable=strip_tags($variable);
    // escape for a MySQL query (requires an open mysql connection)
    $variable=mysql_real_escape_string($variable);
    return $variable;
}[/syntax]

mwasif
Forum Newbie
Posts: 13
Joined: Sun Jul 15, 2007 1:24 pm

Post by mwasif »

You should use mysql_real_escape_string() when you need to save this data in the DB. No need for addslashes() when you use mysql_real_escape_string(). Why are you using strip_tags()? If you need to save someone's comments as users do in forums then you should consider the use of htmlspecialchars().

Always make sure you are saving legitimate data, e.g. numbers are provided in the numbers field etc.
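
Added example, not part of the thread or any poster's code: it stores the same comments once through an all-in-one filter like the one in the question and once unmodified, then prints what the database holds and what htmlspecialchars() produces at output time. Assumptions: PDO with in-memory SQLite stands in for MySQL, a bound parameter stands in for mysql_real_escape_string(), and the names filter_all, store_and_fetch, render and the comments table are hypothetical.

```php
<?php
// Added example, not from the thread. Assumptions: PDO with in-memory SQLite
// stands in for MySQL, and a bound parameter stands in for
// mysql_real_escape_string(); table and function names are hypothetical.

// The all-in-one filter from the question, minus the MySQL call
// (which needs a live connection).
function filter_all(string $v): string {
    return strip_tags(addslashes($v));
}

// Store a comment and read it back exactly as the database holds it.
function store_and_fetch(PDO $db, string $comment): string {
    $db->exec('DELETE FROM comments');
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $comment]);   // driver handles SQL quoting
    return $db->query('SELECT body FROM comments')->fetchColumn();
}

// Encode for the HTML context at output time, not at storage time.
function render(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT)');

// Constructed sample comments.
$samples = [
    "It's O'Reilly's book",
    'use if (a<b && c>d) here',
    '<script>alert(1)</script> hi',
];

foreach ($samples as $raw) {
    $filtered = store_and_fetch($db, filter_all($raw));
    $separate = store_and_fetch($db, $raw);
    echo "input            : $raw\n";
    echo "all-in-one stored: $filtered\n";
    echo "raw stored       : $separate\n";
    echo "raw rendered     : " . render($separate) . "\n\n";
}
```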
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Pretty function but... what's your question? If you just posted this for others to review, this should be in the "Coding Critique" forum.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.