hello all!
I am using a form that a user can fill out but for security reasons I want html stripped out. If the user inputs html, I want it to kick back saying something to the fact that it had html removed. What I have works just fine with one exception, I want people to be able to use
Code:
<?php
$RemarksPure = trim(stripslashes($_POST['remarks']));
$Remarks = addslashes(preg_replace('#</?\w[^>]*>#', '', $RemarksPure));
$RemarksValidationOK = true;
$ValidationOK = true;
if ($RemarksPure !== $Remarks) {
    // breaks validation for the form thus returning user to page to re-edit content
    $RemarksValidationOK = false;
    $ValidationOK = false; // Whole Form Validation
}
?>
Code:
<?php if (!$RemarksValidationOK) { echo "No HTML please!"; } ?>
While this works fine for stripping html, it also kicks back apostrophes and quotes. I would like the user to be able to use them, but I'm not completely sure how to do that. I want to maintain security so that people can't put errant code in the input box, but at least it doesn't kick back on an apostrophe. Quotes would be nice, but not necessary if I'm better off leaving it as is.
I think I have a basic concept of these commands in php to have gotten it working thus far, but I'm betting I can modify these commands to function better for me:
- preg_replace - I'm a little flaky on the syntax and how it's used, but understand how it works
- stripslashes & addslashes - not sure I fully understand this function to properly use it for what I need.
Thanks in advance!
Dan
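Added example (not Dan's code): the comparison trips on apostrophes because one side has been through addslashes() and the other has not, so the check below compares the tag-stripped text with the unescaped original and leaves escaping to the point of use; the sample inputs and function names are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Detect HTML in a form field
// without tripping on apostrophes or quotes. The original compares the raw
// text against an addslashes()'d copy, so every ' or " looks like something
// was removed. Compare before escaping instead; escape only where the value
// is used (HTML output or a database query).

function remarksContainHtml(string $raw): bool
{
    // stripslashes() only matters if the input arrived already escaped
    // (legacy magic_quotes); kept to match the poster's setup.
    $pure = trim(stripslashes($raw));
    // Same tag pattern as the original post: <tag ...> or </tag>
    $stripped = preg_replace('#</?\w[^>]*>#', '', $pure);
    // Unescaped vs. unescaped: quotes and apostrophes survive intact
    return $stripped !== $pure;
}

function escapeForHtml(string $text): string
{
    // Output encoding is what prevents script injection when the remarks
    // are echoed back into a page; tag stripping alone is not enough.
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs
$samples = [
    "It's a \"great\" product",   // quotes only: should pass
    "Nice <b>bold</b> text",      // tags: should be rejected
    "a < b and b > c",            // bare comparison signs, not a tag: should pass
];

foreach ($samples as $s) {
    $flag = remarksContainHtml($s) ? 'HTML found' : 'ok';
    echo $flag, ': ', escapeForHtml($s), PHP_EOL;
}

// For database storage, pass the raw text to a prepared statement
// (PDO or mysqli) instead of wrapping it in addslashes().
```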