Form Validation - HTML Tag stripping
By Jamsi • Jan 17th, 2006 • Category: PHP

This short article covers protecting your web forms from users who try to attack your website by entering HTML into a text box.
Validation is something every web developer should think about: it protects the end user from their own mistakes and protects your website from malicious input.
The following code uses the PHP function htmlspecialchars to escape every HTML special character in the submitted data (so <b> arrives as &lt;b&gt; and is rendered as literal text instead of as a tag), and then translates back only the tags that YOU choose to allow. Note that htmlspecialchars escapes; it does not strip anything, which is what makes the translate-back step possible.
```php
<?php
// Put the submitted form field into a variable
$news = $_REQUEST["txtBox"];

// Escape every HTML special character: < > & become &lt; &gt; &amp;
// (ENT_NOQUOTES leaves single and double quotes as they are)
$content = htmlspecialchars($news, ENT_NOQUOTES);

// Certain HTML tags are allowed: translate them back.
// The pattern matches the escaped form of an opening or closing allowed tag,
// including anything that follows a space inside it (i.e. attributes).
$allowedTags = "em|strong|b|i|a|span|blockquote|br|div|hr|u|p|font";
$content = preg_replace_callback(
    '!&lt;/?(' . $allowedTags . ')( .*?)?&gt;!i',
    // closure instead of create_function(), which was removed in PHP 8
    function ($matches) {
        return str_replace(
            array("&gt;", "&lt;", "&quot;", "&amp;"),
            array(">", "<", "\"", "&"),
            $matches[0]
        );
    },
    $content
);
?>
```

Two things to keep in mind before using this as-is. The allowed-tag pattern translates back the whole tag, attributes included, and ENT_NOQUOTES leaves quote characters alone, so <a href="javascript:..."> or <span onmouseover="..."> pass through exactly as typed; if you allow tags that take attributes, either drop the attributes entirely or check each one against what you expect. Also, $_REQUEST accepts the field from the query string and cookies as well as the form body, so read it from $_POST when the form is submitted with POST.
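To make the attribute problem concrete, here is an added example (not from the original article) that runs the article's allowlist side by side with a tighter version. The function names unescapeAllowedTagsLoose and unescapeAllowedTagsStrict, the shorter strict allowlist and the sample inputs are all ours. The strict version escapes quotes as well, restores only bare tags with no attributes at all, and restores a link only when it is exactly <a href="..."> with an http or https URL.

```php
<?php
// Added example, not from the original article. Function names, sample
// inputs and the strict allowlist are ours.

// The article's technique as given: escape with ENT_NOQUOTES, then undo the
// escaping for any allowed tag, attributes included (the " .*?" part).
function unescapeAllowedTagsLoose(string $input): string
{
    $allowedTags = 'em|strong|b|i|a|span|blockquote|br|div|hr|u|p|font';
    $content = htmlspecialchars($input, ENT_NOQUOTES);
    return preg_replace_callback(
        '!&lt;/?(' . $allowedTags . ')( .*?)?&gt;!i',
        function ($m) {
            return str_replace(
                array('&gt;', '&lt;', '&quot;', '&amp;'),
                array('>', '<', '"', '&'),
                $m[0]
            );
        },
        $content
    );
}

// Tighter version: escape quotes too, restore only bare tags (no attributes)
// from a short list, and restore <a> only as <a href="http(s)://..."> with a
// quoted URL and nothing else inside the tag.
function unescapeAllowedTagsStrict(string $input): string
{
    $bareTags = 'em|strong|b|i|u|p|br|blockquote';
    $content = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // &lt;b&gt;, &lt;/b&gt; and &lt;br /&gt; come back;
    // &lt;b onclick=...&gt; stays escaped because nothing but an optional
    // " /" may follow the tag name.
    $content = preg_replace(
        '~&lt;(/?)(' . $bareTags . ')( ?/?)&gt;~i',
        '<$1$2$3>',
        $content
    );

    // Opening <a>: href must be the only attribute and must start with
    // http:// or https://. The URL keeps its escaped form (e.g. &amp;), which
    // is the correct encoding inside an attribute value. The lookahead stops
    // the URL at the first &quot; so a second attribute cannot be smuggled in.
    $content = preg_replace(
        '~&lt;a href=&quot;(https?://(?:(?!&quot;)\S)+)&quot;&gt;~i',
        '<a href="$1">',
        $content
    );
    return str_ireplace('&lt;/a&gt;', '</a>', $content);
}

// Constructed sample inputs: one benign, two hostile, one legitimate link.
$samples = array(
    'Hello <b>world</b> & <i>friends</i>',
    '<a href="javascript:alert(1)">click me</a>',
    '<span onmouseover="alert(document.cookie)">hover</span>',
    '<a href="https://example.com/?a=1&b=2">ok link</a>',
);

foreach ($samples as $sample) {
    echo "input : ", $sample, "\n";
    echo "loose : ", unescapeAllowedTagsLoose($sample), "\n";
    echo "strict: ", unescapeAllowedTagsStrict($sample), "\n\n";
}
```

Run it from the command line with php. The loose function returns the javascript: link and the onmouseover span exactly as submitted, because both tags are on its allowlist and the pattern accepts whatever follows the tag name; the strict function leaves both as escaped text that a browser shows literally, while still restoring the bold and italic markup and the legitimate link as <a href="https://example.com/?a=1&amp;b=2">ok link</a>. Note that the two patterns in the strict function use ~ as the delimiter rather than the article's !, because the negative lookahead (?!&quot;) contains a ! character.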
Jamsi is currently studying a full time Bachelor of Computer/Business degree and working part time as an Internet Security Consultant.