Hi. I'm currently trying to make a comment system. It works great, 'cept if the user writes </html> or... any other HTML tag that doesn't close. Now, my initial idea was to convert the string, i.e.: space (' ', 32) -> &lpsb;, \n -> <br />. For that, I made an array and inserted it into preg_replace. Now, that worked fine, until I wanted to add some more conversions, namely the HTML tags. < would be converted into &lt; and > would be converted into &gt;. Now, when I attempted to write a comment, the aftermath of the operations resulted in some odd outcome, i.e., <br /&gt&lpsb; blah blah blah.

Could anyone help me out with this matter?

Much obliged.

Are you allowing your users to freely input actual <tags>? What if someone tried to stick a div styled to cover your whole page with some bs? What if someone tried to stick some nasty <script>?

Well, the tag conversion seems to bypass that problem. <textarea>blah</textarea> and <div> would have absolutely no effect on the page itself.

You can use strip_tags() using a second parameter to allow a list of tags.

You can use strip_tags() using a second parameter to allow a list of tags.

Could work if I only wanted certain html tags to be used, but in my case, I want every <HTML_TAG> to be converted to &lt;HTML_TAG&gt; (so it can be shown as <HTML_TAG> in the browser without actually having any effect) and any \n to be converted to <br /> same for space.

easy enough with htmlentities() and nl2br().

easy enough with htmlentities() and nl2br().

Looks nice. Thanks.

Doesn't work too well with stripslashes and mysql_real_escape_string, though :p

Didn't realise you were using a DB. mysql_real_escape_string() would be better.
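
The ordering problem and the htmlentities()/nl2br() fix discussed in this thread, as an added example that is not from any of the posters: the comment is stored raw through a bound parameter and escaped only when it is written into the page, so no stripslashes() or mysql_real_escape_string() pass ever touches the text. The in-memory SQLite database, the `comments` table and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; the sample comment below is constructed.

// Correct order: escape the raw text once, then add line breaks.
function render_comment(string $raw): string
{
    // One pass over the user's text turns <, >, &, " and ' into entities.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br() runs last so the <br /> it inserts stays real markup.
    return nl2br($safe);
}

// The kind of failure described in the first post: preg_replace() with
// arrays applies each rule to the output of the previous one, so the
// "<br />" produced by the first rule is mangled by the later rules.
function render_comment_broken(string $raw): string
{
    return preg_replace(
        ['/\n/', '/</', '/>/'],
        ['<br />', '&lt;', '&gt;'],
        $raw
    );
}

// In-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample comment: an unclosed tag, a quote, an ampersand, a newline.
$input = "It's </html> & <div>\nsecond line";

// Store the text exactly as typed. The bound parameter handles SQL quoting,
// so nothing has to be escaped or un-escaped by hand around the query.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// Escape for HTML only at output time, on the value read back.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();

echo "correct: ", render_comment($stored), "\n";
echo "broken:  ", render_comment_broken($stored), "\n";
```

Keeping SQL quoting and HTML escaping as two separate steps, each applied at its own boundary, is what stops them interfering with each other.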
