> --- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > I disagree. I think stripping HTML from my text is a horrible thing. If
> > I want to put a <b> in my text, then use htmlentities() and show me a
> > <b> when I look at it. Obviously you don't want to "evaluate" HTML, but
> > the end result should be that I should see exactly what I typed into the
> > text box.

The real problem I have with strip_tags is that if I want to type <smile> or
<grin>, it's going to be stripped out and now I have to go back and edit my
code and change it to something else... If you just use htmlentities(), the
user is none the wiser.

> > If you need to allow formatted text, then use something like BBcode
> > where you can specify exactly what is allowed.
> Maybe there is something I'm missing, but I have always hated these
> markup languages like "BBcode" that seem to offer no benefit over HTML. If
> want to allow the <b> tag to be evaluated, you can do something like this
> you use htmlentities():
> $blah = str_replace('&lt;b&gt;', '<b>', $blah);
> $blah = str_replace('&lt;/b&gt;', '</b>', $blah);
> Of course, if people want the <b> to appear exactly as they type it, they
> either have to use &lt;b&gt;, or you would have to let them choose an
option as
> to whether they want to use HTML (much like slash code does).

That would work, too, I guess. If the user actually typed in &lt; it would
be encoded as &amplt; and not match something similar to a replacement like
you've shown.

You don't want to do matching like you've shown, though. If I put a <b> on
my page with no </b>, then it's going to make everything on the entire page
following my post bold. When "cleaning" the data, you want to make sure you
match a pattern that includes both the start and end tag. You can use
regular expressions or go through character by character.

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to