PDA

View Full Version : Disable HTML in Forms


Fugler
07-17-2004, 04:54 PM
Hi. I was just wondering. When you're making your own thing like a guestbook or something like that, how do you going about allowing or disallowing HTML in the forms in order to prevent bad input?

Any help is much appreciated.

filburt1
07-17-2004, 05:58 PM
Hi. I was just wondering. When you're making your own thing like a guestbook or something like that, how do you going about allowing or disallowing HTML in the forms in order to prevent bad input?

Any help is much appreciated.

$converted = htmlspecialchars($original);

If your page is powered by vB, use htmlspecialchars_uni() which specifically supports Unicode.

Fugler
07-17-2004, 06:02 PM
Thanks, so how would I use that, Do I just put it somewhere on the page?

Also, would it work in a non vB powered page?

NTLDR
07-17-2004, 06:14 PM
htmlspecialchars() is a standard PHP function and will work on any PHP page. htmlspecialchars_uni() will only work on pages powered by vBulletin.

Run htmlspecialchars() on the variable that contains the input from the form, for example:


$text_without_html = htmlspecialchars($_POST['message']);

Fugler
07-17-2004, 06:21 PM
Ahh, I think I see now, Thanks for all your help the pair of you :D