Everyone,
I am doing an admin site for a person and their small site. I need to allow them to put in paragraphs of information. I am allowing them to put in some HTML like <b>, <br>, <p> <a href=""> a very limited amout of tags. What is the best way to submit and then show this information to make sure that bad tags, characters ad quotes dont mess up the code when displaying it.
Safest, best option is to incorporate some kind of BB code. [b] for bold, [url=] for link, etc. You can get bbcode parsers all over.
Another option would be strip_tags and allow the tags you mentioned. Still vulnerable to malicous code if people know what they are doing, but if the data is coming from a trusted source, it should be fine. It will not account for unclosed tags or messed up quotes, though.
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
PHP|Architect: A magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
