Ask about general coding issues or problems here.
Moderators: macek, egami, gesf
You can use the function htmlspecialchars
Code: Select all
$value = htmlspecialchars($value);
This way ANY html-contents in $value will be converted in a way that the browser will treat is as normal text.
if a user enters "<a href=www.somelink.com>link!</a>" in his post it will apear EXACTLY like that! (no link is created).
For more details see the manual
If you still want to give users capability's to adjust there text (bold, italic, whatever) just like is possible on this forum you could use [b ] and [/b ] (for example). You will have to change that you'reself though, but then you got full control on what is possible or not.
I think it will be easyer to do it as follows:
use htmlspecialchar to make sure every html-attribute is "disabled"
then check the post for every [b ] (for instance) and replace that with <b>. You can do that with every [ think of something ] you want.
You can use str_replace
, to replace those brackets.
it will be much more difficult to check for special html-entities and exclude them from htmlspecialchar than using [brackets]
You'll want to try using a regular expression function. I'm sorry I can't help you on that, it's one area which I still haven't mastered!
Who is online
Users browsing this forum: Baidu [Spider] and 10 guests