PHP: How can I disable HTML content in user content?

Question

PHP: How can I disable HTML content in user content?

I am launching a niche social networking site. I would like to ban HTML content in posts posted by the user; e.g. embedded videos etc. what option is there in php to clear this before I insert in db.

+7

php

Jatt Jan 30 '12 at 4:58

source share

2 answers

DisgruntledGoat · Answer 1 · 2012-01-30T15:33:56+0000

There are three main solutions:

Remove all HTML tags from the message. In PHP, you can do this with the strip_tags() function.
Encode all characters, so if the user types in <b>hello</b> , it is displayed as <b>hello</b> . In PHP, this is htmlspecialchars() . (Note: in this situation, you usually save the content in the database as is, and use htmlspecialchars wherever you output the content.)
Use a sanitizer for HTML, such as an HTML cleaner . This allows users to use certain HTML formatting, such as bold / italics, but blocks malicious Javascript and any other tags that you want (i.e. <object> in your case).

stealthyninja · Answer 2 · 2012-01-30T07:38:45+0000

You can use the strip_tags() function.

PHP: How can I disable HTML content in user content?

More articles: