July 20th, 2000, 03:47 PM
How can i disable html-code-input in my php-guestbook?
July 20th, 2000, 04:04 PM
I don't know of any way to keep someone from putting HTML code, although I think I saw somehting about it on www.phpbuilder.com , but you don't have to actually display it, you could just use the strip_tags function, it will take off all of the HTML and then you can just display it.
July 20th, 2000, 04:23 PM
This will work greate:
$nohtml = (ereg_replace("<", "", $nohtml));
Where $nohtml is the variable where you donīt want html work. It will remove all <īs. Also, html vill not work.
July 20th, 2000, 04:59 PM
July 20th, 2000, 05:04 PM
ya, that is what I meant to day, if mine want' clear .
Chrille: I have one problem with your code, it will disable the HTML, but it won't take it out, it will just remove the first bracket so you'll have all these B> /B> etc. However if you would do something like
$nohtml = ereg_replace("<([0-9 A-Z a-z)>", "", $nohtml);
$nohtml = ereg_replace("</([0-9 A-Z a-z)>", "", $nohtml);
That would probably work.
July 20th, 2000, 05:44 PM
Regexps are not the way to do this. There are too many things that could go wrong. PHP has the strip_tags() function which does this very nicely. Use it...
July 20th, 2000, 06:09 PM
or rather than stripping the tags,you could use htmlentities() or htmlspecialchars() to replace the brackets < and > with specials codes ;lt and ;gt. that way the text will appear exactly as they have typed it into the text box, but it won't be an active link or image...know what i mean?
July 20th, 2000, 06:47 PM
July 20th, 2000, 07:43 PM
Regular expressions are unnecessary. Use either strip_tags() or htmlspecialchars() depending on how you want to handle it.
July 21st, 2000, 01:47 AM
Agreeing with Dwarf & Anti - use regex only when you have to.
July 21st, 2000, 08:41 AM
thanks, this will help me very well