I'm working on a comment system and I don't want people to be able to use HTML, for obvious reasons... so I used htmlspecialchars(), which works, but then it turns the quote " into &quot;
How can I work around this and still not allow HTML?
Thanks.
Hmm, is this right?
$string = htmlspecialchars($string, ENT_QUOTES);
Actually, htmlspecialchars doesn't work the way I want it to.
Does anyone know how to keep HTML like this: <b>preserve html</b>?
If you want to leave the double quotes unchanged, then you should use:
$string = htmlspecialchars($string, ENT_NOQUOTES);
As for re-enabling some tags, that usually involves using a regular expression to "turn back on" allowed tags.
htmlspecialchars() is a great function, but not what you need here. Check out the strip_tags() function:
http://www.php.net/strip_tags
<?php
$string = "<h1>no way</h1><b>yes way</b>";
// Keep only the tags listed in the second argument; all others are removed.
$string = strip_tags($string, '<a><b><i><u>');
?>
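
The "turn back on allowed tags" approach from the replies above, as an added PHP example that is not part of any post in this thread. The helper name render_comment() and the sample comment are assumptions made for illustration; the last line prints the strip_tags() result for comparison, because strip_tags() leaves attributes on the tags it allows untouched.

```php
<?php
// Added example, not code from the thread.

/**
 * Hypothetical helper: escape the whole comment, then re-enable only
 * balanced, attribute-free pairs of tags from a small allow-list.
 */
function render_comment(string $raw, array $allowed = ['b', 'i', 'u']): string
{
    // 1. Neutralise all markup. Quotes become &quot; / &#039;, which a
    //    browser displays as literal quote characters in the page.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Build a pattern that matches only exact pairs such as
    //    &lt;b&gt;...&lt;/b&gt;. A tag carrying attributes never matches,
    //    so it stays escaped and is shown as text.
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    $pattern = '~&lt;(' . $names . ')&gt;(.*?)&lt;/\1&gt;~is';

    // 3. Repeat until nothing changes so nested pairs (<b><i>x</i></b>)
    //    are re-enabled from the outside in.
    do {
        $safe = preg_replace($pattern, '<$1>$2</$1>', $safe, -1, $count);
    } while ($count > 0);

    return $safe;
}

// Constructed sample input for the demonstration.
$comment = '<h1>no way</h1> <b>yes <i>way</i></b> '
         . '<b onmouseover="x()">attr</b> "quoted"';

echo render_comment($comment), "\n";

// For comparison: the allowed <b> keeps its attribute here.
echo strip_tags($comment, '<a><b><i><u>'), "\n";
```

Links are left out of the allow-list on purpose: an `<a>` tag is only useful with an href attribute, and that value needs its own URL scheme check before it can be re-enabled.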