|
|
|
|
   |
Post
#1
 Jun 1 2006, 01:01 PM
Hello everyone Im TRYING to make a forum and obviously for security i need to disable HTML tags being used in posts. i know how to use the str_replace() function but to be honest i think id have to do that for every single tag. I also trued using the html CODE <XMP> stuff </XMP> tag but i need to be able to use the new line tag to make a new line as all the posts are stored as HTML. if this isnt clear let me give an example:QUOTE NEW POST PAGE > user makes new post and posts it > PHP PROCCESSOR PAGE MAKES HTML FILE > NEW HTML FILE CONTAINING THE POST > user veiws the post using a php page to retrieve the html and display it hopefully that explains it better. so unless i can find another way of putting lnie breaks into the mesage i need to disable all html tags except the new line tag. im begining to think that html might not be ideal for storing the message data, but i was sure that an sql table had a character limit of 255 characters or am i wrong? Thanx in advanced 
 
|
 |
|
Group: [MODERATOR]
Posts: 2,782 Joined: 28-May 05 From: Devon, England Member No.: 7,593  myCENT:61.50 |
Post
#2
Jun 1 2006, 04:22 PM
Virtually ever single forum script out there uses a database, whether that be MySQL, SqLite, PostgreSQL or another system. As far as I am aware there isn't a character limit of 255 on things like the TEXT datatype in MySQL. This is how most forums store their post content, and it allows you to have long posts with no character limit, although many forums impose a character limit due to database size restrictions. As for the removing HTML tags, your best bet would be to remove all tags, so < anything > and then replace a linebreak with a special character, like the ¦ symbol. Then when you load the post, remove that symbol and replace it with a linebreak tag. If not then look at some tutorials or other forum scripts and see how they do it.
|
|
|
Post
#3
Jun 1 2006, 06:42 PM
QUOTE(rvalkass @ Jun 1 2006, 05:22 PM) [snapback]255637[/snapback] Virtually ever single forum script out there uses a database, whether that be MySQL, SqLite, PostgreSQL or another system. As far as I am aware there isn't a character limit of 255 on things like the TEXT datatype in MySQL. This is how most forums store their post content, and it allows you to have long posts with no character limit, although many forums impose a character limit due to database size restrictions. As for the removing HTML tags, your best bet would be to remove all tags, so < anything > and then replace a linebreak with a special character, like the ¦ symbol. Then when you load the post, remove that symbol and replace it with a linebreak tag. If not then look at some tutorials or other forum scripts and see how they do it. Humm...i might give the database idea a go it would savea lot of hassle i guess it just made me think also with this forum that it seems to have each post stored as a HTML file, if you look at the address bar its topicname12345.html where 12345 is a random number. I shall try using the database and such i think. God knows where i got the idea of a character limit then! thanx
|
|
|
Post
#4
Jun 1 2006, 06:53 PM
The topics aren't stored as html pages but in databases as rvalkass mentioned. The links to html pages that you see on the D2-Latest Topics Mod at the bottom and everywhere else are all virtual and are formed, somehow, using apache. To prove that they aren't proper pages but virtual, visit the URL below: http://www.trap17.com/forums/HEY_LOOK_I_CA...URL-t37546.html [hr=shade].[/hr] As for trying to stop people utilising html, try this code: CODE <? $post = str_replace ('<', '<', $post); $post = str_replace ('>', '>', $post); ?> And for making new lines in the textbox turn into <br /> CODE <? $post = nl2br ($post); ?> To make it so that the break tag appears in HTML format rather than XHTML format, add the following code afterwards: CODE <? $post = str_replace ('<br />', '<br>', $post); ?> $post being whatever the variable containing the post's data is and < and > are the ASCII codes for < and > so they won't render as html.
|
|
Group: Members
Posts: 27 Joined: 5-April 06 Member No.: 21,363 |
Post
#5
Jun 1 2006, 07:03 PM
i think all your looking for is one small funcion: CODE htmlspecialchars(data); I'm not sure if this is what you are looking for, but what this does is takes any html tags and puts them into english, so it will print out the html. , arctic
|
|
|
Post
#6
Jun 1 2006, 09:14 PM
thanks for that electriic ink it makes sense, i think ill use a database and some of the functions below to strip the HTML and then do it that way. i learn something new every day! stil lhave no idea how i got the whole 255 character limit thing from though...it puzzled me how forums worked i just assumed they used some kind of file to store the data in, now i know differently!
|
|
Group: Members
Posts: 873 Joined: 30-July 04 Member No.: 246 |
Post
#7
Jun 1 2006, 09:54 PM
Little off-topic, but Trap17's method could be repeated using Apache's mod_rewrite (I'm not 100% sure what path Trap17 takes, but I'm assuming it would similar to this): CODE RewriteRule ^/?forums/(.*)-t([0-9]*)\.html$ /path/script.php?tid=$2 [L,QSA] This completely disregards the actual path, only taking into consideration the numbers which appear after the '-t' and before the '.html', and passing that value onto '/path/script.php' which can then do with it as it will. This URL rewriting is done on Trap17 purely for SEO purposes; there are many other things you could use it for, though.
|
|
Group: Admin
Posts: 3,764 Joined: 23-April 05 From: Trap17 storage box Member No.: 6,042 myCENT:61.80 |
Post
#8
Jun 1 2006, 11:15 PM
Regretfully going off topic here. Trap17's forum, Invision, has built-in "disable HTML tags" under admin control. However, I'm sure when the admin's control is triggered it uses some reliable stripping method to cancel out the < html command > and post it as plain text.
|
|
Group: Members
Posts: 629 Joined: 26-February 05 Member No.: 3,995 |
Post
#9
Jun 1 2006, 11:36 PM
arcticsnpr is right, htmlspecialchars or htmlentities will convert < and > to < and >. It will also convert other things which you can find here: http://us2.php.net/manual/en/function.htmlentities.php
|
|
Group: Members
Posts: 1,161 Joined: 9-May 05 From: Brisbane, QLD Member No.: 6,818 |
Post
#10
Jun 2 2006, 02:23 AM
If you want to remove all HTML, you can use the strip_tags function: http://au3.php.net/strip_tags
|
 |
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
1 | illnet | 6,215 | 20th June 2004 - 04:50 PM Last post by: ultrasmad |
|||
 |
110 | chelcy | 83,440 | 21st November 2009 - 11:17 AM Last post by: The Simpleton |
|||
|
3 | -Sky- | 676 | 12th June 2009 - 08:48 PM Last post by: -Sky- |
|||
|
 |
40 | EricDrinkard | 39,866 | 1st November 2009 - 01:34 PM Last post by: Www.AnthonyLazaroni.Com |
||
|
11 | football123213 | 8,655 | 30th July 2004 - 03:34 PM Last post by: templest |
|||
|
 |
19 | odomike | 17,019 | 11th December 2004 - 05:30 PM Last post by: antitrust |
||
|
133 | djleli | 40,643 | 21st November 2009 - 10:58 AM Last post by: onkarnath2001 |
|||
|
10 | Saint_Michael | 8,966 | 7th May 2009 - 07:13 AM Last post by: contactskn |
|||
|
54 | habbovalley | 3,939 | 5th November 2009 - 09:59 AM Last post by: Ho-oh'sRealm |
|||
|
0 | deedee2003 | 3,750 | 5th September 2004 - 09:11 PM Last post by: deedee2003 |
|||
|
9 | Liquid Fire | 3,840 | 18th September 2009 - 09:17 PM Last post by: domguan |
|||
|
 |
12 | Saint_Michael | 6,979 | 18th December 2004 - 05:28 AM Last post by: s243a |
||
|
1 | hansley | 7,699 | 11th October 2004 - 03:54 AM Last post by: Trystim |
|||
|
2 | mrdee | 682 | 23rd November 2007 - 10:21 PM Last post by: mrdee |
|||
|
24 | solankyno1 | 6,871 | 7th September 2009 - 11:33 AM Last post by: nnsoccer |
|||
|
Open Discussion | Time is now: 26th November 2009 - 06:24 PM |
Web Hosting Powered by ComputingHost.com. Xisto.com : Honesty ROCKS! Truth Rules.
