> --- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > I disagree. I think stripping HTML from my text is a horrible thing. If
> > I want to put a <b> in my text, then use htmlentities() and show me a
> > <b> when I look at it. Obviously you don't want to "evaluate" HTML, but
> > the end result should be that I should see exactly what I typed into the
> > text box.
The real problem I have with strip_tags is that if I want to type <smile> or
<grin>, it's going to be stripped out and now I have to go back and edit my
code and change it to something else... If you just use htmlentities(), the
user is none the wiser.
> > If you need to allow formatted text, then use something like BBcode
> > where you can specify exactly what is allowed.
>
> Maybe there is something I'm missing, but I have always hated these alternative
> markup languages like "BBcode" that seem to offer no benefit over HTML. If you
> want to allow the <b> tag to be evaluated, you can do something like this after
> you use htmlentities():
>
> $blah = str_replace('&lt;b&gt;', '<b>', $blah);
> $blah = str_replace('&lt;/b&gt;', '</b>', $blah);
>
> Of course, if people want the <b> to appear exactly as they type it, they would
> either have to use &lt;b&gt;, or you would have to let them choose an option as
> to whether they want to use HTML (much like slash code does).
That would work, too, I guess. If the user actually typed in &lt; it would
be encoded as &amp;lt; and not match something similar to a replacement like
you've shown.
You don't want to do matching like you've shown, though. If I put a <b> on
my page with no </b>, then it's going to make everything on the entire page
following my post bold. When "cleaning" the data, you want to make sure you
match a pattern that includes both the start and end tag. You can use
regular expressions or go through character by character.
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
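
The pairing check described in the last reply, written out as an added example that is not part of the original thread: everything is encoded with htmlentities() first, and bold is restored only where an encoded opening tag has a matching encoded closing tag. The function name `render_comment` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// render_comment() is a hypothetical helper name.
function render_comment(string $raw): string
{
    // Step 1: encode all markup so nothing the user typed is evaluated.
    $safe = htmlentities($raw, ENT_QUOTES, 'UTF-8');

    // Step 2: restore bold only for a complete pair. The pattern needs both
    // the encoded start tag and the encoded end tag; it is non-greedy, and
    // the /s modifier lets a pair span several lines. The captured text is
    // already encoded, so it cannot carry live markup.
    return preg_replace('~&lt;b&gt;(.*?)&lt;/b&gt;~s', '<b>$1</b>', $safe);
}

// Constructed sample inputs covering the cases raised in the thread.
$samples = [
    'balanced'     => 'This is <b>important</b>.',
    'unclosed'     => 'Oops <b>never closed',
    'other tags'   => 'Hello <grin> <script>alert(1)</script>',
    'typed entity' => 'Literal &lt;b&gt;text&lt;/b&gt;',
];

foreach ($samples as $label => $input) {
    printf("%-13s %s\n", $label . ':', render_comment($input));
}
```

An unclosed `<b>` stays encoded and is shown as typed, so it cannot turn the rest of the page bold, and tags such as `<grin>` are displayed rather than stripped.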