How can I allow only HTML into my database?
Question
I'm trying to allow the user to input only HTML into a form, and on submit, store it into the database. I've been trying to use mysql_real_escape_string , but the PHP I put into the form with the HTML tags seems to not be stripped. How can I "filter" what is stored into the database?
EDIT:
I want to keep the HTML as-is. So, say a user inputs
<input type="text"/>
and hits submit; I want that to be entered into the database without any problems, and then later on down the road, be able to show up on their post.
I want to get rid of things such as PHP tags:
<input type="text"/>
<?php echo "Hello World!"; ?> <-- I do not want to store this.
If it's still not making any sense I will try my best to explain it a little better.
1 answers
solution1
1 2011-03-29 18:26:41
You'll need to parse the HTML and strip out unwanted tags. This is a relatively trivial with a decent parser, such as the PHP XML Parser .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.