Disable HTML in form posts.

R.Noon
05-26-2007, 01:48 PM
Anybody have any clue how I would go about this?

R.Noon
05-26-2007, 02:34 PM
Can't edit it... but I did manage to fix it by using print htmlentities($row['post']); instead of print $row['post'];

Charles
05-26-2007, 02:40 PM
You might do better using strip_tags (http://www.php.net/manual/en/function.strip-tags.php).

R.Noon
05-26-2007, 02:58 PM
Why is that? Since I may not want to strip all tags I'm assuming?

Charles
05-26-2007, 03:07 PM
No, because you might want to strip all of the tags and not escape them so that they show up as code. It depends upon what you are up to.

R.Noon
05-26-2007, 04:29 PM
I'm simply trying to build in an announcement table and don't want any HTML to work since I'm not the only one who will be editing it, or having access to edit it.

Charles
05-26-2007, 06:56 PM
Then yes, strip_tags is what you want. But try it both ways.

n_alexiev
05-27-2007, 12:00 AM
You can use str_replace() function.

    <?php
    $myVar = "<script>alert('goooo');</script>";
    $myVar1 = htmlspecialchars($myVar); // converts HTML special characters to entities
    $myVar2 = addslashes($myVar);       // only adds backslashes before quotes
    // output --> <script>alert(\'goooo\');</script>
    ?>

Use htmlspecialchars($variable); :p

NogDog
05-27-2007, 12:25 AM
Ultimately, the question is what do you want displayed if a user enters any tags? If you want the tags completely eliminated from the input, use strip_tags() as Charles suggests. If you want the tags to be displayed without actually being processed by the browser as tags (perhaps you want the user to be able to post sample code), then use either htmlspecialchars() or htmlentities().

webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.
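
The choice discussed in the thread (strip the tags, or escape them so they display as text), as an added example that is not part of the original posts: it runs the same announcement text through strip_tags(), htmlspecialchars() and addslashes() so the three results can be compared. The helper names render_escaped() and render_stripped() and the sample posts are constructed for illustration; run it with the PHP command line.

```php
<?php
// Added example (not from the thread). Sample posts are constructed.
// Hypothetical helper names: render_escaped(), render_stripped().

/** Show tags as literal text: escape at output time. */
function render_escaped(string $post): string
{
    // ENT_QUOTES also encodes ' and ", so the result is safe inside
    // a quoted HTML attribute as well as in element content.
    return htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Drop tags entirely, then still escape what is left. */
function render_stripped(string $post): string
{
    // strip_tags() removes markup but leaves &, ' and " untouched,
    // so its output is escaped before it is printed.
    return htmlspecialchars(strip_tags($post), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samplePosts = [
    "<script>alert('goooo');</script>",   // payload quoted in the thread
    "<b>Meeting</b> moved to 5 PM",       // harmless formatting tag
    "Tickets <50% off & \"free\" parking" // a '<' that is not a tag
];

foreach ($samplePosts as $post) {
    echo "raw:        ", $post, PHP_EOL;
    echo "escaped:    ", render_escaped($post), PHP_EOL;
    echo "stripped:   ", render_stripped($post), PHP_EOL;
    // addslashes() only backslash-escapes quotes; it is not an HTML
    // defence, and the tags pass through unchanged.
    echo "addslashes: ", addslashes($post), PHP_EOL, PHP_EOL;
}
```

The third sample is there because strip_tags() does not validate HTML, so text following a stray '<' can be removed along with real tags; escaping keeps that text intact.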