Technology Feed
Twitter
Tuesday, 28 October 2008
Using text fields on web based forms to obtain information from a website user can often lead to unexpected string inputs. A typical unexpected input might be a field that asks a user to submit a link and a description – spammers may use this description field to stuff with extra links.
Fortunately, PHP has the command strip_tags to remove these tags.
$myString = "<p><a href='gohere.html'>This is some text</a></p>";
$newString = strip_tags($myString);
You can allow specified tags by using the option parameter of strip_tags, so to include the <p> tag in the string above but remove the <a> tag use this command
$newString = strip_tags($myString,"<a>");
It would also be useful to use the mysql_real_escape_string in this instance to avoid SQL Injections.
Related
- PHP: Encoding HTML Special Characters
- Java (Midlet): Obtain Content Types
- Javascript: Set Focus of HTML Textbox
- HTML Special Characters Poster
- PHP: Add Slashes to text
[...] least there is a way around this using PHP: Removing HTML Tags from Strings and PHP: Avoiding mySQL Injections. There are also a few other tricks up our sleeves to combat [...]
But this doesnt remove css style codes from a text. How to completely remove style code from a text? Is there a way for it? Thanks for help.