NOT display html

Anon

I have a form which folks use to submit info into a database, there are also tools by which they can edit/display/remove this info. Currently any info which is in <> does not get displayed AND a bigger problem is javascript, folks are using it to pop alerts out when the table displaying the info is pushed out. How do I prevent this?

Anon

I use this code, it should also disable javascript:

$data_string = HtmlSpecialChars($data_string);
$data_string = ereg_replace( "(&lt😉(/{0,1})(b|big|i|li|ol|p|small|ul)(&gt😉", "<\2\3>", $data_string);

I run this code on the data before it goes into the database.

The first line renders the html useless, the tags will displayed, however. The second line allows certain html tags to be used ( , <big>, , <li>, <ol>, , , and <ul> as well as their closing tags)

See if that helps!

Anon

...agreed, or you could just use strip_tags to get rid of the lot, though your solution allows more flexibility.

Anon

strip_tags() is actually quite nice, you can pass it a comma-separated list of the tags you want to permit (in my case, it's ,, and ) and it passes these, and automatically takes care of the corresponding end tags too.

Anon

HI..

I have template files .tpl written. These templates contain some content information written in them using tabular formats of Html. I want to call them in Html files. How can I do that ? I want to call them so as to get this content written in .tpl files displayed in html files.
Thanks,
Milind.