I am working on a new forum with asp.net. For a while I was thinking I whould just let users type html freely into the main text box and have it come out as a link of image. But now I have desided that maybe this is not such a good idea. One missed and command and Im digging in my data base to correct it so it does not mess up other posts. I now want to put images in a separate text box as well as links but now how do I get the html text in the main text box to not be read as code. Like on this forum for instance I can type all the html in the world into this text box and it wont do a thing to the integrity of this forum. Instead it uses its own vb code. How can I make this the same way on my forum minus the vb code?

ASP has Regular Expressions, right? If so, use them to replace <'s with &amp;lt; and >'s with &amp;gt;, that way HTML isn't allowed. And use RegExps to convert something like, "[ img=someURL.com/someImg.jpg ][ /img ]" to HTML for the image.

asp.net uses visual basic 6 code but I see where you are going. Use a string to find these characters and replace with an &lt; and an &gt;. That most likely whould work but it will be a lot of code

You could do it with javascript before you submit it. The code wood look something like this:
<html>
<head>
<script language=javascript>
function change()
{
data=form1.text1.value;
do
{
data=data.replace("<","&lt;");
}while(data.indexOf("<")!=-1)
do
{
data=data.replace(">","&gt;");
}while(data.indexOf(">")!=-1)
form1.text1.value=data;
return true;

}
</script>
</head>
<body>
<form name=form1 onsubmit=change() action="whatever.asp">
<textarea name=text1 rows="5" cols="20"></textarea>
<input type=submit>
</form>
</body>
</html>
I hope that helps. ;)

It does, a lot. That really what I was thinking it was going to look like. I am going to try and see if I can write something like that in vb6 code so I dont end up having two languages on this bugger.

Here is the VB6 equivalent:
<html>
<head>
<script language=VBScript>
sub change
data = form1.text1.value
MyString = Replace(data, "<", "&lt;")
data = Replace(MyString, ">", "&gt;")
form1.text1.value=data
end sub
</script>
</head>
<body>
<form name=form1 onsubmit="change()" action="whatever.asp">
<textarea name=text1></textarea>
<input type=submit>
</form>
</body>
</html>
Hope this helps... :D

Adam,
Your JavaScript change() function can be simplified with the use of regular expressions:

function change() {
form1.text1.value = form1.text1.value.replace(/</g, '&lt;');
form1.text1.value = form1.text1.value.replace(/>/g, '&gt;');
}

Charles - That is easier. :) When I was trying to do it like that it was only changing the first one. What's different about your code??

Dave - Actually, it works exactly the same if you don't put the extra arguments in there since the default values for them are 1 and -1 anyway. So, it doesn't really matter if I put them in there or not...

I would be very careful with letting forum visitors enter HTML. You can allow certain elements that you process individually like [img="..."] and convert into HTML markup, but do go changing [] to <> without any further checking. If you do think what happens if a prankster enters this:
<script>document.body.innerHTML=''</script>
And that is still innocent. If your forum uses cookies for automatic log in, having the ability to insert a script like that will allow to hack the identity of your forum visitors - script can read the cookie and sent it to a domain.

I am not using a cookie, and also this forum is not going to be a big public thing its a private forum for me and about 15 people. But I am worried about people accidently screwing up when they try to insert a link by leaving off a " or a </a> or something like that. So I just want disable html in to forum and let users enter an image url in another text box and a link url in another one. Then the code will just insert the latter 2 text boxes into the post however html is dispabled in the users text its self. Now that I look at it, it wont be that hard but it might end up being a lot of code because I have like 4 or 5 places I have to type this junk.