How to safely allow user to input php code?
Posted: Thu Oct 02, 2008 12:34 pm
Hi all,
I have a special requirement, where the web application must allow the user to enter certain snippets of source code - java, php, sql - almost all programming languages on the planet.
User enters the code into a text area, it's stored in a mysql database, later retrieved and displayed in an html <pre></pre> element.
Now how should I proceed with properly sanitizing, filtering, displaying etc? My PHP knowledge is very limited (Im not a PHP coder but understands the syntax etc etc...).
I tried with sanitizing the input data using strip_tags but later realized that it is not what I actually wanted. strip_tags just removed certain portions of the user input text, which is not my aim. For my application to work, all user input data should be stored and displayed as it was entered.
Guys, could you please guide me in the approach I should take?
I have a special requirement, where the web application must allow the user to enter certain snippets of source code - java, php, sql - almost all programming languages on the planet.
User enters the code into a text area, it's stored in a mysql database, later retrieved and displayed in an html <pre></pre> element.
Now how should I proceed with properly sanitizing, filtering, displaying etc? My PHP knowledge is very limited (Im not a PHP coder but understands the syntax etc etc...).
I tried with sanitizing the input data using strip_tags but later realized that it is not what I actually wanted. strip_tags just removed certain portions of the user input text, which is not my aim. For my application to work, all user input data should be stored and displayed as it was entered.
Guys, could you please guide me in the approach I should take?