

Block HTML from being entered in a form

PHPNewbie-KY
Mon 27 August 2007, 07:58 pm GMT +0200
How can I block HTML from being entered into my PHP guest book form?!

anthonyw
Mon 27 August 2007, 10:19 pm GMT +0200
You can't. However, you can encode it to ensure that it is not transmitted back to the browser as raw HTML by using the htmlentities function. If you do that, then it will show up as-typed because <> are converted to &lt; and &gt;, for example.

olaf
Mon 27 August 2007, 10:31 pm GMT +0200
> You can't. However, you can encode it to ensure that it is not transmitted back to the browser as raw HTML by using the htmlentities function. If you do that, then it will show up as-typed because <> are converted to &lt; and &gt;, for example.

That's not true, check the function strip_tags

PHPNewbie-KY
Mon 27 August 2007, 10:35 pm GMT +0200
Thanks Olaf!

anthonyw
Mon 27 August 2007, 10:39 pm GMT +0200
strip_tags doesn't stop people entering the tags in the form, it just strips them. Yes, that's an alternative to quoting them. You could also do something else to them with a regex. My point was: you have to deal with the fact that someone might enter them in the form, rather than trying to prevent it at source.

Personally, I dislike strip_tags, since it discards the input --- what if someone wanted to enter text that just happened to look like HTML tags?

olaf
Mon 27 August 2007, 11:11 pm GMT +0200
Sure, preventing people from entering HTML tags is not possible, but if someone would like to block HTML in his guestbook, "strip_tags" is the answer ;)

Nikolas
Tue 28 August 2007, 09:16 am GMT +0200
> Personally, I dislike strip_tags, since it discards the input --- what if someone wanted to enter text that just happened to look like HTML tags?

In that case you can use htmlspecialchars()
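
The two approaches discussed in this thread, side by side, as an added example (not code posted by anyone in the thread): encoding at output time with htmlspecialchars() versus removing markup with strip_tags(). The helper names and the sample guest book entries are assumptions constructed for illustration.

```php
<?php
// Constructed sample submissions (not taken from the thread).
$entries = [
    'Great site! <b>Thanks</b>',
    'Use <br> for a line break, and remember that 1 < 2',
    'Proof that a<b and c>d holds',
    'Tom & "Jerry" <script>alert("hi")</script>',
];

// Hypothetical helper: keep the visitor's text as typed and encode it
// only when writing it into the HTML page.
function render_encoded(string $raw): string
{
    // ENT_QUOTES also encodes ' and ", so the result is safe inside
    // quoted attribute values as well as element content.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="entry">' . nl2br($safe) . '</p>';
}

// Hypothetical helper: the strip_tags route. strip_tags() only removes
// what it parses as tags; it does not encode &, quotes or a stray <,
// so the remainder is still passed through htmlspecialchars().
function render_stripped(string $raw): string
{
    $text = strip_tags($raw);
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="entry">' . nl2br($safe) . '</p>';
}

// Print both renderings so the difference in what survives is visible.
foreach ($entries as $raw) {
    echo "input:    ", $raw, PHP_EOL;
    echo "encoded:  ", render_encoded($raw), PHP_EOL;
    echo "stripped: ", render_stripped($raw), PHP_EOL, PHP_EOL;
}
```

Run it with the PHP command-line interpreter and compare the "encoded" and "stripped" lines for each entry: the encoded form keeps everything the visitor typed, while the stripped form drops whatever strip_tags() took to be a tag.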
