preg_replace data

Question

Infame 0 Newbie Poster

12 Years Ago

Hi. I'm currently trying to make a comment system. It works great, 'cept, if the user writes </html> or... any other html tag that doesn't close. Now, my initial idea was to convert string, i.e: space(' ', 32) -> &lpsb;, \n -> <br />. For that, I made an array, and inserted it into preg_replace. Now, that worked fine. Until I wanted to add some more conversions, namely the html tags. < would be converted into < and > would be converted into > Now, when the I attempted to write a comment, the aftermath of the operations resulted in some odd outcome. I.E, <br /&gt&lpsb; blah blah blah.

Could anyone help me out with this matter?

Much obliged.

php

4 Contributors
9 Replies
165 Views
12 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by diafol

All 9 Replies

touch_the_sky 2 Newbie Poster

12 Years Ago

Are you allowing your users to freely input actual <tags>? What if someone tried to stick a div styled to cover your whole page with some bs? What if someone tried to stick some nasty <script>?

diafol

12 Years Ago

You can use strip_tags() using a second parameter to allow a list of tags.

Edited 12 Years Ago by diafol because: n/a

diafol

12 Years Ago

easy enough with htmlentities() and nl2br().

Edited 12 Years Ago by diafol because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Infame 0 Newbie Poster · Answer 1 · 2011-10-06T22:50:25+00:00

Well, the tag conversion seems to bypass that problem. <textarea>blah</textarea> and <div> would have absolutely no effect on the page itself.

Infame 0 Newbie Poster · Answer 2 · 2011-10-07T00:06:42+00:00

You can use strip_tags() using a second parameter to allow a list of tags.

Could work if I only wanted certain html tags to be used, but in my case, I want every <HTML_TAG> to be converted to <HTML_TAG> (so it can be shown as <HTML_TAG> in the browser without actually having any effect) and any \n to be converted to <br /> same for space.

stoopkid 6 Junior Poster in Training · Answer 3 · 2011-10-07T00:20:28+00:00

I agree with ardav, htmlentities is the way to go. I recently had to use this function myself for the first time and consulted W3 Schools for some examples:
http://www.w3schools.com/PHP/func_string_htmlentities.asp

Hope that tutorial helps you as much as it helped me! Also, don't forget to check php.net for an extensive explanation of the functionality:
http://php.net/manual/en/function.htmlentities.php

Infame 0 Newbie Poster · Answer 4 · 2011-10-07T00:25:44+00:00

easy enough with htmlentities() and nl2br().

Looks nice. Thanks.

Infame 0 Newbie Poster · Answer 5 · 2011-10-07T03:59:23+00:00

Doesn't work too well with stripslashesh, and mysql_real_escape_string, though :p

diafol · Answer 6 · 2011-10-07T04:39:38+00:00

Didn't realise you were using a DB. mysql_real_escape_string() would be better.

preg_replace data

Recommended Answers Collapse Answers

All 9 Replies

Recommended Answers