Hi friends,

In my PHP form I just blocked SQL injection by adding the line below to my processing page:

$comment=mysql_real_escape_string($_POST['comment']);

But I need to add rich text formatting to my form (i.e. BOLD, ITALICS and UNDERLINE).

Now I just want to enable only these in my processing page (only <b>, </b>, <u>, </u>, <i>, </i>).

Please advise me how to do this.
Thanks in advance
Rajeesh

mysql_real_escape_string escapes only the following characters to prevent SQL injection:
\x00, \n, \r, \, ', " and \x1a.

You can use strip_tags to add particular tags to your processing comment.

$comment = strip_tags($_POST['comment'], '<u><i><b>'); // Allow only <u>, <i> and <b>; closing tags need not be listed

Edited by paulrajj: n/a
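
An added example, not part of the original thread: strip_tags() leaves any attributes on the tags it allows, so a stricter way to permit only bold, italic and underline is to escape the whole comment and then restore just the bare <b>, <i> and <u> tags. sanitize_comment() is a hypothetical helper name and the sample comments are constructed.

```php
<?php
// Added example. sanitize_comment() is a hypothetical helper, not a PHP built-in.
function sanitize_comment(string $raw): string
{
    // 1. Escape everything so that no markup survives by default.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only attribute-free <b>, <i>, <u> tags, keeping them balanced.
    $open = []; // stack of currently open allowed tags
    $html = preg_replace_callback(
        '~&lt;(/?)(b|i|u)&gt;~i',
        function (array $m) use (&$open): string {
            $tag = strtolower($m[2]);
            if ($m[1] === '') {                 // opening tag
                $open[] = $tag;
                return "<$tag>";
            }
            if ($open && end($open) === $tag) { // closer matching innermost tag
                array_pop($open);
                return "</$tag>";
            }
            return $m[0];                       // stray closer stays escaped text
        },
        $escaped
    );

    // 3. Close anything the author left open so it cannot restyle the page.
    while ($open) {
        $html .= '</' . array_pop($open) . '>';
    }
    return $html;
}

// Constructed sample comments.
$samples = [
    'Plain <b>bold</b>, <i>italic</i> and <u>underline</u>',
    '<b onclick="doSomething()">attribute</b>',
    '<img src="a.png"> and <U>unclosed',
];
foreach ($samples as $s) {
    echo sanitize_comment($s), "\n";
}
```

The second sample comes out fully escaped because its opening tag carries an attribute. Escaping for SQL is still a separate step when the comment is stored.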

Thank you for your kind reply.

I will go through it.
Once again, thanks.
