> I still fail to see how BB code helps in any way, since you have to make these
> same considerations. But, like I said, maybe I'm missing something. :-)
I agree pretty much. The only way it helps is that it's easier for
people to pick up, however slightly. Instead of explaining to people to
us
--- Leif K-Brooks <[EMAIL PROTECTED]> wrote:
> My BBCode class takes care of unended tags, and much more. Have a look
> at http://www.phpclasses.org/browse.html/package/951.html.
You have to log in to view any source on that site (or so it seems), so no
thanks.
Unended tags are easy enough to h
My BBCode class takes care of unended tags, and much more. Have a look
at http://www.phpclasses.org/browse.html/package/951.html.
Chris Shiflett wrote:
I still fail to see how BB code helps in any way, since you have to make these
same considerations. But, like I said, maybe I'm missing somethi
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> You don't want to do matching like you've shown, though. If I put a on
> my page with no , then it's going to make everything on the entire page
> following my post bold.
Well, my example was simplified. If the user's data is contained in a ta
> --- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > I disagree. I think stripping HTML from my text is a horrible thing. If
> > I want to put a in my text, then use htmlentities() and show me a
> > when I look at it. Obviously you don't want to "evaluate" HTML, but
> > the end result should be
That's useful stuff, thanks - and thanks to other respondents.
My main concerns are to avoid junk in the database (and on-screen messages)
and to avoid dangerous and malicious postings, like the one Justin outlined
below (so I guess strip_tags is a major step there). What I have in mind,
then, is:
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> I disagree. I think stripping HTML from my text is a horrible thing. If
> I want to put a in my text, then use htmlentities() and show me a
> when I look at it. Obviously you don't want to "evaluate" HTML, but
> the end result should be that I sho
on 20/03/03 3:53 PM, John W. Holmes ([EMAIL PROTECTED]) wrote:
>> And yes, definitely striptags(), and follow the advice on the rest of the
>> thread.
>
> I disagree. I think stripping HTML from my text is a horrible thing. If
> I want to put a in my text, then use htmlentities() and show me a
> And yes, definitely striptags(), and follow the advice on the rest of the
> thread.
I disagree. I think stripping HTML from my text is a horrible thing. If
I want to put a in my text, then use htmlentities() and show me a
when I look at it. Obviously you don't want to "evaluate" HTML, but
the
The first rule is to NEVER rely on anything that they give you, or any of
the security precautions in your form code, because someone can always create
a less-secure form which posts to the same script.
So, whilst maxlength='4' for a year select thing is great, you should check
at the other end tha
You can also use basic functions like is_numeric() [to
make sure the value is numeric - duh] or a custom
function to do something like check for a valid email
address format.
I have a news site that explodes the URL to get values
for the directory/article it is supposed to display.
since the types
> I'd like to canvass opinions about what's needed to clean user input. I'm
> using an HTML form where users enter simple things like name and phone
> number, but also a couple of small text areas for address and a message
> (up to 50 words or so).
>
> How would people recommend cleaning this dat
It really depends on what you want to do with the data.
For instance, if you want to insert into a database, you'll want to run
addslashes() on it, or some other such quoting.
If you want to use the data as a forum post or comment, etc, you'll want
to strip the html out of it with strip_tags()