Jun 1 2006, 01:01 PM, Post #1
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS
Group: [HOSTED] Posts: 974 Joined: 12-April 06 From: Essex, UK Member No.: 21,719
Hello everyone

I'm TRYING to make a forum and obviously for security I need to disable HTML tags being used in posts. I know how to use the str_replace() function but to be honest I think I'd have to do that for every single tag. I also tried using the HTML CODE <XMP> stuff </XMP> tag but I need to be able to use the new line tag to make a new line, as all the posts are stored as HTML. If this isn't clear let me give an example:

QUOTE
NEW POST PAGE > user makes new post and posts it > PHP PROCESSOR PAGE MAKES HTML FILE > NEW HTML FILE CONTAINING THE POST > user views the post using a PHP page to retrieve the HTML and display it

Hopefully that explains it better. So unless I can find another way of putting line breaks into the message I need to disable all HTML tags except the new line tag. I'm beginning to think that HTML might not be ideal for storing the message data, but I was sure that an SQL table had a character limit of 255 characters, or am I wrong?

Thanks in advance

Jun 1 2006, 04:22 PM, Post #2
apt-get moo
Group: [MODERATOR] Posts: 2,111 Joined: 28-May 05 From: Hertfordshire, England Member No.: 7,593
Virtually every single forum script out there uses a database, whether that be MySQL, SQLite, PostgreSQL or another system. As far as I am aware there isn't a character limit of 255 on things like the TEXT datatype in MySQL. This is how most forums store their post content, and it allows you to have long posts with no character limit, although many forums impose a character limit due to database size restrictions.

As for removing HTML tags, your best bet would be to remove all tags, so < anything >, and then replace a linebreak with a special character, like the ¦ symbol. Then when you load the post, remove that symbol and replace it with a linebreak tag. If not, then look at some tutorials or other forum scripts and see how they do it.

Jun 1 2006, 06:42 PM, Post #3
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS
Group: [HOSTED] Posts: 974 Joined: 12-April 06 From: Essex, UK Member No.: 21,719
QUOTE
Virtually every single forum script out there uses a database, whether that be MySQL, SQLite, PostgreSQL or another system. As far as I am aware there isn't a character limit of 255 on things like the TEXT datatype in MySQL. This is how most forums store their post content, and it allows you to have long posts with no character limit, although many forums impose a character limit due to database size restrictions. As for removing HTML tags, your best bet would be to remove all tags, so < anything >, and then replace a linebreak with a special character, like the ¦ symbol. Then when you load the post, remove that symbol and replace it with a linebreak tag. If not, then look at some tutorials or other forum scripts and see how they do it.

Hmm... I might give the database idea a go, it would save a lot of hassle I guess. It just made me think also with this forum that it seems to have each post stored as an HTML file; if you look at the address bar it's topicname12345.html where 12345 is a random number. I shall try using the database and such I think. God knows where I got the idea of a character limit then! Thanks

Jun 1 2006, 06:53 PM, Post #4
Incest is a game the whole family can play.
Group: [MODERATOR] Posts: 1,217 Joined: 11-February 05 From: Heaven Member No.: 3,709
The topics aren't stored as HTML pages but in databases as rvalkass mentioned. The links to HTML pages that you see on the D2-Latest Topics Mod at the bottom and everywhere else are all virtual and are formed, somehow, using Apache. To prove that they aren't proper pages but virtual, visit the URL below:

http://www.trap17.com/forums/HEY_LOOK_I_CA...URL-t37546.html

As for trying to stop people utilising HTML, try this code:

CODE
<?php
// Replace the angle brackets with their HTML entities so tags show as text
$post = str_replace('<', '&lt;', $post);
$post = str_replace('>', '&gt;', $post);
?>

And for making new lines in the textbox turn into <br />

CODE
<?php
// Insert <br /> before each newline in the post
$post = nl2br($post);
?>

To make it so that the break tag appears in HTML format rather than XHTML format, add the following code afterwards:

CODE
<?php
// Turn the XHTML-style break tag into the HTML form
$post = str_replace('<br />', '<br>', $post);
?>

$post being whatever the variable containing the post's data is, and &lt; and &gt; are the ASCII codes for < and > so they won't render as HTML.

Jun 1 2006, 07:03 PM, Post #5
Newbie [Level 2]
Group: Members Posts: 27 Joined: 5-April 06 Member No.: 21,363
I think all you're looking for is one small function:

CODE
htmlspecialchars($data);

I'm not sure if this is what you are looking for, but what this does is take any HTML tags and put them into English, so it will print out the HTML.

arctic

Jun 1 2006, 09:14 PM, Post #6
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS
Group: [HOSTED] Posts: 974 Joined: 12-April 06 From: Essex, UK Member No.: 21,719
Thanks for that electriic ink, it makes sense. I think I'll use a database and some of the functions below to strip the HTML and then do it that way.

I learn something new every day! Still have no idea where I got the whole 255 character limit thing from though... It puzzled me how forums worked; I just assumed they used some kind of file to store the data in, now I know differently!

Jun 1 2006, 09:54 PM, Post #7
Privileged Member
Group: Members Posts: 874 Joined: 30-July 04 Member No.: 246
Little off-topic, but Trap17's method could be repeated using Apache's mod_rewrite (I'm not 100% sure what path Trap17 takes, but I'm assuming it would be similar to this):

CODE
RewriteRule ^/?forums/(.*)-t([0-9]*)\.html$ /path/script.php?tid=$2 [L,QSA]

This completely disregards the actual path, only taking into consideration the numbers which appear after the '-t' and before the '.html', and passing that value on to '/path/script.php', which can then do with it as it will. This URL rewriting is done on Trap17 purely for SEO purposes; there are many other things you could use it for, though.

Jun 1 2006, 11:15 PM, Post #8
Desperately seeking "any key" to continue...
Group: Admin Posts: 3,467 Joined: 23-April 05 From: Trap17 storage box Member No.: 6,042
Regretfully going off topic here.
Trap17's forum, Invision, has built-in "disable HTML tags" under admin control. However, I'm sure when the admin's control is triggered it uses some reliable stripping method to cancel out the < html command > and post it as plain text.

Jun 1 2006, 11:36 PM, Post #9
Privileged Member
Group: Members Posts: 629 Joined: 26-February 05 Member No.: 3,995
arcticsnpr is right, htmlspecialchars or htmlentities will convert < and > to &lt; and &gt;. It will also convert other things which you can find here: http://us2.php.net/manual/en/function.htmlentities.php
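
Added example, not part of any post in this thread: the approach the replies converge on (keep the raw text, for instance in a TEXT column, and encode it with htmlspecialchars() and nl2br() when it is displayed), next to the two-replacement version from post #4. The function names and the sample post are made up for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example; render_post(), replace_angle_brackets(), only_br_tags()
// and the sample text are illustrative names, not code from the thread.
declare(strict_types=1);

/** Encode a raw post for output inside an HTML element, keeping line breaks. */
function render_post(string $raw, bool $xhtml = true): string
{
    // Normalise line endings so every break becomes exactly one break tag.
    $raw = str_replace(["\r\n", "\r"], "\n", $raw);
    // ENT_QUOTES encodes " and ' as well as & < >; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br() runs last, so the only tags in the result are the breaks it
    // inserts; pass $xhtml = false to get <br> instead of <br />.
    return nl2br($safe, $xhtml);
}

/** The two str_replace() calls from post #4, for comparison. */
function replace_angle_brackets(string $raw): string
{
    return str_replace(['<', '>'], ['&lt;', '&gt;'], $raw);
}

/** True when the only markup left in $html is the inserted break tag. */
function only_br_tags(string $html): bool
{
    $rest = str_replace(['<br />', '<br>'], '', $html);
    return strpos($rest, '<') === false && strpos($rest, '>') === false;
}

// Constructed sample post: tags, an ampersand, quotes, a typed entity, two lines.
$post = "Hello <b>everyone</b>\r\nTom & Jerry said \"type &lt; for a bracket\"";

$full    = render_post($post);
$partial = nl2br(replace_angle_brackets($post));

echo $full, "\n\n", $partial, "\n\n";
var_dump(only_br_tags($full));                  // markup check on the full encoding
var_dump(strpos($full, '&amp;lt;') !== false);  // is the typed "&lt;" kept as literal text?
var_dump(strpos($partial, '&amp;') !== false);  // does post #4's version encode "&"?
```

Because the bracket-only version leaves quotes and ampersands untouched, its output is only suitable for element content, never for an attribute value, and text a user typed as an entity is displayed as the character it names. Encoding at display time also means the stored row stays exactly what the user typed.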