> --- "John W. Holmes" <[EMAIL PROTECTED]> wrote: > > I disagree. I think stripping HTML from my text is a horrible thing. If > > I want to put a <b> in my text, then use htmlentities() and show me a > > <b> when I look at it. Obviously you don't want to "evaluate" HTML, but > > the end result should be that I should see exactly what I typed into the > > text box.
The real problem I have with strip_tags is that if I want to type <smile> or <grin>, it's going to be stripped out and now I have to go back and edit my code and change it to something else... If you just use htmlentities(), the user is none the wiser. > > If you need to allow formatted text, then use something like BBcode > > where you can specify exactly what is allowed. > > Maybe there is something I'm missing, but I have always hated these alternative > markup languages like "BBcode" that seem to offer no benefit over HTML. If you > want to allow the <b> tag to be evaluated, you can do something like this after > you use htmlentities(): > > $blah = str_replace('<b>', '<b>', $blah); > $blah = str_replace('</b>', '</b>', $blah); > > Of course, if people want the <b> to appear exactly as they type it, they would > either have to use <b>, or you would have to let them choose an option as > to whether they want to use HTML (much like slash code does). That would work, too, I guess. If the user actually typed in < it would be encoded as &lt; and not match something similar to a replacement like you've shown. You don't want to do matching like you've shown, though. If I put a <b> on my page with no </b>, then it's going to make everything on the entire page following my post bold. When "cleaning" the data, you want to make sure you match a pattern that includes both the start and end tag. You can use regular expressions or go through character by character. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php