Re: [PHP] "nullifying" php and html tags?
Yes, there is a function strip_tags(). Also look at the functions, htmlentities() and htmlspecialchars(). Janet - Original Message - From: "Police Trainee" <[EMAIL PROTECTED]> To: "PHP" <[EMAIL PROTECTED]> Sent: Monday, February 18, 2002 9:47 PM Subject: [PHP] "nullifying" php and html tags? > Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page. is there > anyway to "disable" any html or php tags that the user > might have typed in? it seems pretty dangerous to > allow a user to enter any amount of php programming at > their will. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine. > > thanks! > > -mark > > __ > Do You Yahoo!? > Yahoo! Sports - Coverage of the 2002 Olympic Games > http://sports.yahoo.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] "nullifying" php and html tags?
> Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page. is there > anyway to "disable" any html or php tags that the user > might have typed in? it seems pretty dangerous to > allow a user to enter any amount of php programming at > their will. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine. Look at ereg_replace() and html_special_chars() in the fine manual: http://www.php.net/manual/en/function.ereg-replace.php http://www.php.net/manual/en/function.htmlspecialchars.php Greg Donald - http://destiney.com/ http://phprated.com/ | http://phplinks.org/ | http://phptopsites.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] "nullifying" php and html tags?
> Would strip_tags() do? Easily gotten-around then by not closing your PHP tags. J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] "nullifying" php and html tags?
> Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page. This is a Really Bad Idea(tm). > it seems pretty dangerous to allow a user to enter any > amount of php programming at their will. ... and that's why. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine. You could just read the file from another script with file() and output it rather than include()'ing it. That way the code is never executed. J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] "nullifying" php and html tags?
Would strip_tags() do? On Mon, 2002-02-18 at 21:47, Police Trainee wrote: > Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page. is there > anyway to "disable" any html or php tags that the user > might have typed in? it seems pretty dangerous to > allow a user to enter any amount of php programming at > their will. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine. > > thanks! > > -mark > > __ > Do You Yahoo!? > Yahoo! Sports - Coverage of the 2002 Olympic Games > http://sports.yahoo.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Sliante, Richard S. Crawford mailto:[EMAIL PROTECTED] http://www.mossroot.com AIM: Buffalo2K ICQ: 11646404 Yahoo!: rscrawford MSN: [EMAIL PROTECTED] "It is only with the heart that we see rightly; what is essential is invisible to the eye." --Antoine de Saint Exupery "Push the button, Max!" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] "nullifying" php and html tags?
Hello. I just finished creating a simple input form in which the contents of a textarea get written to a file which in turn gets read by a particular page. is there anyway to "disable" any html or php tags that the user might have typed in? it seems pretty dangerous to allow a user to enter any amount of php programming at their will. something as simple as a function that strips all <'s and >'s would work just as well i would imagine. thanks! -mark __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
