Hello
I have found a great script (i think)(which I'll list below this post) it looks like it does exactly what I want it to...but I lack the knowledge to intergrate it into my form, could someone please show me how I do it?. The script basically strips 'any tags' out of a form submission I want it to work in this context:
user submits information>
information is checked>
checked information inserted into database>
Is this possible? using the script below and can you show me some code to do this. The script is as follows:
<?php
function safeHTML($str)
{
$approvedtags = array(
"p"=>2, // 2 means accept all qualifiers: <foo bar>
"b"=>1, // 1 means accept the tag only: <foo>
"i"=>1,
"a"=>2,
"em"=>1,
"br"=>1,
"strong"=>1,
"blockquote"=>1,
"tt"=>1,
"hr"=>1,
"li"=>1,
"ol"=>1,
"ul"=>1
);
$keys = array_keys($approvedtags);
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>","<\\1>",$str);
$str = eregi_replace("<a([^>]*)href=\"?([^\"]*)\"?([^>]*)>","<a href=\"\\2\">", $str);
$tmp = "";
while (eregi("<([^> ]*)([^>]*)>",$str,$reg))
{
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/")
$tag = strtolower(substr($reg[1],1));
else
$tag = strtolower($reg[1]);
if (in_array($tag,$keys) && $a = $approvedtags[$tag] )
{
if ($reg[1][0] == "/")
$tag = "</$tag>";
elseif ($a == 1)
$tag = "<$tag>";
else
$tag = "<$tag " . $reg[2] . ">";
}
else
{
$tag = "";
}
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;
// Squash PHP tags unconditionally
$str = ereg_replace("<\?","",$str);
// Squash comment tags unconditionally
$str = ereg_replace("<!--","",$str);
return $str;
}
?>
Any help would be very greatly appreciated...
Cheers john
