stackoom
  简体   繁体   中英

Accepting and display special characters safely

 原文  2015-02-22 23:25:40       php

Question

I know this has been said before, and most likely a duplicate, but I'm having trouble consolidating all the information I'm finding.

I have input boxes that store information. I'd like to allow the user to type in anything they want, and display it. However, if it happens to be something like <?php die(); ?> <?php die(); ?> , I obviously don't want it to execute.

I know there are things like htmlspecialchars() , however, if a user types something like <b> it will display &lt;b&gt; instead.

Is there a way around this?

1 answers

solution1
 0  2015-02-22 23:29:43

<?php
$string = '<?php echo "aaa;"?><b>sss</b>';
print "before: ". htmlspecialchars($string). "<br>";


print "after: ". cleanInput($string);

function cleanInput($input) {
    $output = strip_tags($input, '<p><a><b><div>');
    return htmlspecialchars($output);
}

where <p><a><b><div> are the allowable tags. this is good so, you can only set which tags you want to allow. This will also strip <script> and other tags

Read: http://php.net/strip_tags

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question htaccess regex not accepting some special characters Advice on display special characters Special characters display as ? marks Display special characters in PHP Display special characters in javascript PHP Display Special Characters Saving and Displaying HTML and special characters in a mysql database safely? How to display special characters in PHP Unable to display special characters in IE Special characters display as garbage in Chrome
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM